diff options
-rw-r--r-- | po/as.po | 316 | ||||
-rw-r--r-- | po/bn.po | 316 | ||||
-rw-r--r-- | po/ca.po | 316 | ||||
-rw-r--r-- | po/cs.po | 316 | ||||
-rw-r--r-- | po/de.po | 316 | ||||
-rw-r--r-- | po/el.po | 316 | ||||
-rw-r--r-- | po/es.po | 317 | ||||
-rw-r--r-- | po/et.po | 316 | ||||
-rw-r--r-- | po/fa.po | 316 | ||||
-rw-r--r-- | po/fi.po | 316 | ||||
-rw-r--r-- | po/fr.po | 316 | ||||
-rw-r--r-- | po/hu.po | 316 | ||||
-rw-r--r-- | po/id.po | 317 | ||||
-rw-r--r-- | po/it.po | 317 | ||||
-rw-r--r-- | po/ja.po | 316 | ||||
-rw-r--r-- | po/ja_JP.po | 316 | ||||
-rw-r--r-- | po/ko.po | 316 | ||||
-rw-r--r-- | po/lt.po | 316 | ||||
-rw-r--r-- | po/nb.po | 316 | ||||
-rw-r--r-- | po/nl.po | 316 | ||||
-rw-r--r-- | po/nn.po | 316 | ||||
-rw-r--r-- | po/pl.po | 317 | ||||
-rw-r--r-- | po/pt.po | 317 | ||||
-rw-r--r-- | po/pt_BR.po | 316 | ||||
-rw-r--r-- | po/ru.po | 317 | ||||
-rw-r--r-- | po/sk.po | 316 | ||||
-rw-r--r-- | po/sq.po | 316 | ||||
-rw-r--r-- | po/sr.po | 316 | ||||
-rw-r--r-- | po/sssd.pot | 316 | ||||
-rw-r--r-- | po/sv.po | 317 | ||||
-rw-r--r-- | po/ta.po | 316 | ||||
-rw-r--r-- | po/tr.po | 316 | ||||
-rw-r--r-- | po/uk.po | 317 | ||||
-rw-r--r-- | po/vi.po | 316 | ||||
-rw-r--r-- | po/zh_CN.po | 316 | ||||
-rw-r--r-- | po/zh_TW.po | 317 | ||||
-rw-r--r-- | src/man/po/as.po | 705 | ||||
-rw-r--r-- | src/man/po/bn.po | 705 | ||||
-rw-r--r-- | src/man/po/bs.po | 705 | ||||
-rw-r--r-- | src/man/po/ca.po | 705 | ||||
-rw-r--r-- | src/man/po/cs.po | 712 | ||||
-rw-r--r-- | src/man/po/de.po | 705 | ||||
-rw-r--r-- | src/man/po/el.po | 705 | ||||
-rw-r--r-- | src/man/po/es.po | 727 | ||||
-rw-r--r-- | src/man/po/et.po | 705 | ||||
-rw-r--r-- | src/man/po/fa.po | 705 | ||||
-rw-r--r-- | src/man/po/fi.po | 705 | ||||
-rw-r--r-- | src/man/po/fr.po | 767 | ||||
-rw-r--r-- | src/man/po/hu.po | 705 | ||||
-rw-r--r-- | src/man/po/id.po | 705 | ||||
-rw-r--r-- | src/man/po/it.po | 705 | ||||
-rw-r--r-- | src/man/po/ja.po | 705 | ||||
-rw-r--r-- | src/man/po/ja_JP.po | 705 | ||||
-rw-r--r-- | src/man/po/ko.po | 705 | ||||
-rw-r--r-- | src/man/po/lt.po | 705 | ||||
-rw-r--r-- | src/man/po/nb.po | 705 | ||||
-rw-r--r-- | src/man/po/nl.po | 727 | ||||
-rw-r--r-- | src/man/po/nn.po | 705 | ||||
-rw-r--r-- | src/man/po/pl.po | 705 | ||||
-rw-r--r-- | src/man/po/pt.po | 705 | ||||
-rw-r--r-- | src/man/po/pt_BR.po | 705 | ||||
-rw-r--r-- | src/man/po/ru.po | 705 | ||||
-rw-r--r-- | src/man/po/sk.po | 705 | ||||
-rw-r--r-- | src/man/po/sq.po | 705 | ||||
-rw-r--r-- | src/man/po/sr.po | 705 | ||||
-rw-r--r-- | src/man/po/sssd-docs.pot | 695 | ||||
-rw-r--r-- | src/man/po/ta.po | 705 | ||||
-rw-r--r-- | src/man/po/tr.po | 705 | ||||
-rw-r--r-- | src/man/po/uk.po | 788 | ||||
-rw-r--r-- | src/man/po/ur.po | 705 | ||||
-rw-r--r-- | src/man/po/vi.po | 705 | ||||
-rw-r--r-- | src/man/po/zh_CN.po | 705 | ||||
-rw-r--r-- | src/man/po/zh_TW.po | 705 |
73 files changed, 23041 insertions, 14615 deletions
@@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Assamese (http://www.transifex.net/projects/p/fedora/team/" @@ -210,541 +210,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -778,35 +798,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -922,29 +942,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Bengali <info@ankur.org.bd>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Catalan <fedora@llistes.softcatala.org>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Czech (http://www.transifex.net/projects/p/fedora/team/cs/)\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: SSS\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2009-12-09 11:13+0100\n" "Last-Translator: Fabian Affolter <fab@fedoraproject.org>\n" "Language-Team: German <fedora-trans-de@redhat.com>\n" @@ -210,561 +210,581 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" +msgstr "" + +#: src/config/SSSDConfig.py:98 msgid "IPA domain" msgstr "IPA-Domain" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:99 msgid "IPA server address" msgstr "IPA-Serveradresse" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:100 msgid "IPA client hostname" msgstr "IPA-Client-Rechnername" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:101 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:102 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:103 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "Kerberos-Serveradresse" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "Kerberos Realm" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 #, fuzzy msgid "entryUSN attribute" msgstr "UID-Attribut" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 #, fuzzy msgid "lastUSN attribute" msgstr "UID-Attribut" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "UID-Attribut" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "GECOS-Attribut" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "Shell-Attribut" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "UUID-Attribut" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "Vollständiger Name" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 #, fuzzy msgid "shadowMin attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 #, fuzzy msgid "shadowMax attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 #, fuzzy msgid "shadowWarning attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 #, fuzzy msgid "shadowInactive attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 #, fuzzy msgid "shadowExpire attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 #, fuzzy msgid "shadowFlag attribute" msgstr "Shell-Attribut" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 #, fuzzy msgid "accountExpires attribute of AD" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 #, fuzzy msgid "nsAccountLock attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 #, fuzzy msgid "loginDisabled attribute of NDS" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 #, fuzzy msgid "loginExpirationTime attribute of NDS" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 #, fuzzy msgid "Group name" msgstr "Gruppen" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 #, fuzzy msgid "Group password" msgstr "Gruppen" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 #, fuzzy msgid "GID attribute" msgstr "UID-Attribut" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 #, fuzzy msgid "Group member attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 #, fuzzy msgid "Group UUID attribute" msgstr "UUID-Attribut" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 #, fuzzy msgid "Netgroups members attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 #, fuzzy msgid "Netgroup triple attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 #, fuzzy msgid "Netgroup UUID attribute" msgstr "UUID-Attribut" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -798,35 +818,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -942,29 +962,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Greek <trans-el@lists.fedoraproject.org>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sss_daemon 0.4.0\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-07-20 09:18-0300\n" "Last-Translator: Héctor Daniel Cabrera <logan@fedoraproject.org>\n" "Language-Team: Fedora Spanish <trans-es@lists.fedoraproject.org>\n" @@ -226,582 +226,603 @@ msgstr "La sección del dominio de la consulta para descubrir servicios DNS" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" +msgstr "" + +#: src/config/SSSDConfig.py:98 msgid "IPA domain" msgstr "Dominio IPA" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:99 msgid "IPA server address" msgstr "Dirección del servidor IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:100 msgid "IPA client hostname" msgstr "Nombre de equipo del cliente IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:101 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Si actualizar o no en forma automática la entrada DNS del cliente en FreeIPA" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:102 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "La interfaz cuya IP debería ser utilizada para actualizaciones DNS " "automáticas" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:103 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "Dirección del servidor Kerberos" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "Reinado Kerberos" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "Expiración de la autenticación" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "Directorio donde almacenar las credenciales cacheadas" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "Ubicación del caché de credenciales del usuario" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "Ubicación de la tabla de claves para validar las credenciales" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "Habilitar la validación de credenciales" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" "Si se encuentra desconectado, almacena contraseñas para más tarde realizar " "una autenticación en línea" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 #, fuzzy msgid "Enables principal canonicalization" msgstr "Habilitar la validación de credenciales" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" "El servidor en donde está ejecutándose el servicio de modificación de " "contraseña, en caso de no ser KDC. " -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, El URI del servidor LDAP" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "DN base predeterminado" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "El DN Bind predeterminado" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "El tipo del token de autenticación del DN bind predeterminado" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "El token de autenticación del DN bind predeterminado" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "Tiempo durante el que se intentará la conexión" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "Archivo que contiene los certificados CA" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "Ruta hacia un directorio certificado CA" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 #, fuzzy msgid "File that contains the client certificate" msgstr "Archivo que contiene los certificados CA" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 #, fuzzy msgid "File that contains the client key" msgstr "Archivo que contiene los certificados CA" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "Requiere la verificación de certificado TLS" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "Especificar el mecanismo sasl a usar" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "Especifique el id de autorización sasl a usar" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 #, fuzzy msgid "Specify the sasl authorization realm to use" msgstr "Especifique el id de autorización sasl a usar" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +#, fuzzy +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "Especifique el id de autorización sasl a usar" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "Tabla de clave del servicio Kerberos" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "Usar auth Kerberos para la conexión LDAP" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "Seguir referencias LDAP" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "Período de vida del TGT para la conexión LDAP" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 #, fuzzy msgid "Service name for DNS service lookups" msgstr "Filtro para las búsquedas del usuario" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 #, fuzzy msgid "entryUSN attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 #, fuzzy msgid "lastUSN attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "Tiempo máximo a esperar un pedido de búsqueda" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 #, fuzzy msgid "Length of time to wait for a enumeration request" msgstr "Tiempo máximo a esperar un pedido de búsqueda" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "Tiempo en segundos entre las actualizaciones de enumeración" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 #, fuzzy msgid "Length of time between cache cleanups" msgstr "Tiempo en segundos entre las actualizaciones de enumeración" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "Requiere TLS para búsquedas de ID" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "DN base para búsquedas de usuario" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "Ambito de las búsquedas del usuario" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "Filtro para las búsquedas del usuario" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "Objectclass para los usuarios" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "Atributo GID primario" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "Atributo GECOS" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "Atributo Directorio de inicio" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "Atributo shell" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "Atributo UUID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "Atributo principal del usuario (para Kerberos) " -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "Nombre completo" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "Atributo memberOf" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "Atributo hora de modificación" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 #, fuzzy msgid "shadowMin attribute" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 #, fuzzy msgid "shadowMax attribute" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 #, fuzzy msgid "shadowWarning attribute" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 #, fuzzy msgid "shadowInactive attribute" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 #, fuzzy msgid "shadowExpire attribute" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 #, fuzzy msgid "shadowFlag attribute" msgstr "Atributo shell" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 #, fuzzy msgid "krbPasswordExpiration attribute" msgstr "Atributo hora de modificación" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 #, fuzzy msgid "accountExpires attribute of AD" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 #, fuzzy msgid "nsAccountLock attribute" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 #, fuzzy msgid "loginDisabled attribute of NDS" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 #, fuzzy msgid "loginExpirationTime attribute of NDS" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 #, fuzzy msgid "Base DN for group lookups" msgstr "DN base para búsquedas de usuario" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 #, fuzzy msgid "Objectclass for groups" msgstr "Objectclass para los usuarios" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 #, fuzzy msgid "Group name" msgstr "Grupos" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 #, fuzzy msgid "Group password" msgstr "Grupos" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 #, fuzzy msgid "GID attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 #, fuzzy msgid "Group member attribute" msgstr "Atributo memberOf" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 #, fuzzy msgid "Group UUID attribute" msgstr "Atributo UUID" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 #, fuzzy msgid "Modification time attribute for groups" msgstr "Atributo hora de modificación" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 #, fuzzy msgid "Base DN for netgroup lookups" msgstr "DN base para búsquedas de usuario" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 #, fuzzy msgid "Objectclass for netgroups" msgstr "Objectclass para los usuarios" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 #, fuzzy msgid "Netgroups members attribute" msgstr "Atributo memberOf" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 #, fuzzy msgid "Netgroup triple attribute" msgstr "Atributo hora de modificación" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 #, fuzzy msgid "Netgroup UUID attribute" msgstr "Atributo UUID" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 #, fuzzy msgid "Modification time attribute for netgroups" msgstr "Atributo hora de modificación" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "Política para evaluar el vencimiento de la contraseña" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "Filtro LDAP para determinar privilegios de acceso" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "Lista separada por comas de usuarios autorizados" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "Lista separada por comas de usuarios prohibidos" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "Shell predeterminado, /bin/bash" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "Base de los directorios de inicio" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "Nombre de la biblioteca NSS a usar" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "Pila PAM a usar" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "Convertirse en demonio (predeterminado)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "Ejecutarse en forma interactiva (no un demonio)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "Indicar un archivo de configuración diferente al predeterminado" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "Nive de depuración" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Agregar marcas de tiempo de depuración" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "Un arhivo abierto de descriptor para los registros de depuración" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "Dominio del proveedor de información (obligatorio)" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "El zócalo privilegiado posee permisos o pertenencia equivocados." -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "El zócalo público posee permisos o pertenencia equivocados." -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "Formato no esperado del mensaje de la credencial del servidor." -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "SSSD no está siendo ejecutado por el usuario root." -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "Ha ocurrido un error, pero no se ha podido encontrar una descripción." -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" "Ha ocurrido un error no esperado mientras se buscaba la descripción del error" @@ -836,35 +857,35 @@ msgstr "Su contraseña expirará en %d %s." msgid "Authentication is denied until: " msgstr "La autenticación ha sido denegada hasta:" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "El sistema está fuera de línea, no se puede cambiar la contraseña" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "Falló el cambio de contraseña." -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "Mensaje del servidor:" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "Nueva contraseña: " -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "Reingrese la contraseña nueva:" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "Contraseña: " -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "Contraseña actual: " -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "La contraseña ha expirado. Modifíquela en este preciso momento." @@ -982,31 +1003,31 @@ msgstr "No es posible definir contexto de registro de SELinux\n" msgid "Cannot get info about the user\n" msgstr "No se pudo obtener información del usuario\n" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "El directorio de inicio del usuario ya existe, no copiar datos desde el " "esqueleto\n" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "No se pudo crear el directorio personal del usuario: %s\n" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "No se pudo crear el receptor de correo del usuario: %s\n" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "No se pudo asignar el ID para el usuario - ¿el dominio estará lleno?\n" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "Ya existe un usuario o grupo con el mismo nombre o ID\n" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "Error en la transacción. No se pudo agregar el usuario.\n" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Estonian (http://www.transifex.net/projects/p/fedora/team/" @@ -210,541 +210,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -778,35 +798,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -922,29 +942,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Persian (http://www.transifex.net/projects/p/fedora/team/" @@ -210,541 +210,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -778,35 +798,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -922,29 +942,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Finnish (http://www.transifex.net/projects/p/fedora/team/" @@ -210,541 +210,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -778,35 +798,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -922,29 +942,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: fr\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2009-11-17 21:05+0100\n" "Last-Translator: Pablo Martin-Gomez <pablo.martin-gomez@laposte.net>\n" "Language-Team: Français <fedora-trans-fr@redhat.com>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,37 +797,37 @@ msgstr "Le mot de passe a expiré." msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 #, fuzzy msgid "Password change failed. " msgstr "Le mot de passe a expiré." -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "Nouveau mot de passe : " -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "Retaper le nouveau mot de passe : " -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "Mot de passe : " -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 #, fuzzy msgid "Current Password: " msgstr "Nouveau mot de passe : " -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -923,29 +943,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Hungarian <trans-hu@lists.fedoraproject.org>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-03-09 10:34+0700\n" "Last-Translator: Teguh DC <dheche@songolimo.net>\n" "Language-Team: Fedora Indonesia <trans-id@lists.fedoraproject.org>\n" @@ -210,578 +210,599 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" +msgstr "" + +#: src/config/SSSDConfig.py:98 msgid "IPA domain" msgstr "Domain IPA" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:99 msgid "IPA server address" msgstr "Alamat server IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:100 msgid "IPA client hostname" msgstr "Nama host klien IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:101 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:102 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:103 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "Alamat server Kerberos" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "Realm Kerberos" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI server LDAP" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "Lamanya waktu untuk mencoba koneksi" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 #, fuzzy msgid "File that contains CA certificates" msgstr "berkas yang berisi sertifikat CA" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 #, fuzzy msgid "File that contains the client certificate" msgstr "berkas yang berisi sertifikat CA" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 #, fuzzy msgid "File that contains the client key" msgstr "berkas yang berisi sertifikat CA" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "Membutuhkan verifikasi sertifikat TLS" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "Tentukan mekanisme sasl yang digunakan" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "Tentukan id otorisasi sasl yang digunakan" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 #, fuzzy msgid "Specify the sasl authorization realm to use" msgstr "Tentukan id otorisasi sasl yang digunakan" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +#, fuzzy +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "Tentukan id otorisasi sasl yang digunakan" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "Keytab layanan Kerberos" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 #, fuzzy msgid "Lifetime of TGT for LDAP connection" msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 #, fuzzy msgid "Service name for DNS service lookups" msgstr "Filter pencarian pengguna" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 #, fuzzy msgid "entryUSN attribute" msgstr "Atribut UID" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 #, fuzzy msgid "lastUSN attribute" msgstr "Atribut UID" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 #, fuzzy msgid "Length of time to wait for a enumeration request" msgstr "Lamanya waktu untuk mencoba koneksi" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 #, fuzzy msgid "Length of time between cache cleanups" msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 #, fuzzy msgid "Require TLS for ID lookups" msgstr "Filter pencarian pengguna" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "Lingkup pencarian pengguna" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "Filter pencarian pengguna" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "Objectclass untuk pengguna" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "Atribut UID" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "Atribut GID Primer" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "Atribut GECOS" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "Atribut direktori Home" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "Atribut Shell" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "Atribut UUID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "Atribut utama pengguna (untuk Kerberos)" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "Nama Lengkap" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "Atribut memberOf" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "Atribut waktu modifikasi" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 #, fuzzy msgid "shadowMin attribute" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 #, fuzzy msgid "shadowMax attribute" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 #, fuzzy msgid "shadowWarning attribute" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 #, fuzzy msgid "shadowInactive attribute" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 #, fuzzy msgid "shadowExpire attribute" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 #, fuzzy msgid "shadowFlag attribute" msgstr "Atribut Shell" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 #, fuzzy msgid "krbPasswordExpiration attribute" msgstr "Atribut waktu modifikasi" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 #, fuzzy msgid "accountExpires attribute of AD" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 #, fuzzy msgid "nsAccountLock attribute" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 #, fuzzy msgid "loginDisabled attribute of NDS" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 #, fuzzy msgid "loginExpirationTime attribute of NDS" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 #, fuzzy msgid "Base DN for group lookups" msgstr "Filter pencarian pengguna" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 #, fuzzy msgid "Objectclass for groups" msgstr "Objectclass untuk pengguna" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 #, fuzzy msgid "Group name" msgstr "Grup" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 #, fuzzy msgid "Group password" msgstr "Grup" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 #, fuzzy msgid "GID attribute" msgstr "Atribut UID" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 #, fuzzy msgid "Group member attribute" msgstr "Atribut memberOf" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 #, fuzzy msgid "Group UUID attribute" msgstr "Atribut UUID" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 #, fuzzy msgid "Modification time attribute for groups" msgstr "Atribut waktu modifikasi" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 #, fuzzy msgid "Base DN for netgroup lookups" msgstr "Filter pencarian pengguna" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 #, fuzzy msgid "Objectclass for netgroups" msgstr "Objectclass untuk pengguna" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 #, fuzzy msgid "Netgroups members attribute" msgstr "Atribut memberOf" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 #, fuzzy msgid "Netgroup triple attribute" msgstr "Atribut waktu modifikasi" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 #, fuzzy msgid "Netgroup UUID attribute" msgstr "Atribut UUID" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 #, fuzzy msgid "Modification time attribute for netgroups" msgstr "Atribut waktu modifikasi" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "Shell default, /bin/bash" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 #, fuzzy msgid "An open file descriptor for the debug logs" msgstr "Mengatur verbosity dari pencatatan debug" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -816,35 +837,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "Otentikasi luring, otentikasi ditolak sampai:" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "Sistem sedang luring, perubahan kata sandi tidak dimungkinkan" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "Perubahan kata sandi gagal." -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "Pesan server:" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "Kata Sandi Baru: " -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "Masukkan lagi kata sandi baru:" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "Kata sandi:" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "Kata sandi saat ini:" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -961,30 +982,30 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "Tidak bisa mendapatkan info tentang pengguna\n" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Direktori home milik pengguna sudah ada, tidak menyalin data dari skeldir\n" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "Tidak dapat membuat direktori home milik pengguna: %s\n" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "Tidak dapat membuat spool mail milik pengguna: %s\n" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Tidak dapat mengalokasikan ID untuk pengguna - domain penuh?\n" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "Pengguna atau grup dengan nama atau ID yang sama sudah ada\n" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "Kesalahan transaksi. Tidak dapat menambahkan pengguna.\n" @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: it\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-04-08 16:50+0200\n" "Last-Translator: Guido Grazioli <guido.grazioli@gmail.com>\n" "Language-Team: Italian <trans-it@lists.fedoraproject.org>\n" @@ -221,580 +221,601 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" +msgstr "" + +#: src/config/SSSDConfig.py:98 msgid "IPA domain" msgstr "Dominio IPA" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:99 msgid "IPA server address" msgstr "Indirizzo del server IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:100 msgid "IPA client hostname" msgstr "Hostname del client IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:101 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:102 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:103 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "Indirizzo del server Kerberos" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "Realm Kerberos" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "Timeout di autenticazione" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "Directory in cui salvare le credenziali" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "Percorso della cache delle credenziali utente" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "Percorso del keytab per la validazione delle credenziali" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "Abilita la validazione delle credenziali" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 #, fuzzy msgid "Enables principal canonicalization" msgstr "Abilita la validazione delle credenziali" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Server dove viene eseguito il servizio di cambio password, se non nel KDC" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, l'indirizzo del server LDAP" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "Il base DN predefinito" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "Il bind DN predefinito" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "Il tipo di token di autenticazione del bind DN predefinito" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "Il token di autenticazione del bind DN predefinito" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "Durata del tentativo di connessione" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "Durata tra tentativi di riconnessione quando offline" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 #, fuzzy msgid "File that contains CA certificates" msgstr "file che contiene certificati CA" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 #, fuzzy msgid "File that contains the client certificate" msgstr "file che contiene certificati CA" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 #, fuzzy msgid "File that contains the client key" msgstr "file che contiene certificati CA" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "Richiedere la verifica del certificato TLS" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "Specificare il meccanismo sasl da usare" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "Specificare l'id di autorizzazione sasl da usare" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 #, fuzzy msgid "Specify the sasl authorization realm to use" msgstr "Specificare l'id di autorizzazione sasl da usare" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +#, fuzzy +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "Specificare l'id di autorizzazione sasl da usare" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "Keytab del servizio Kerberos" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "Usare autorizzazione Kerberos per la connessione LDAP" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "Seguire i referral LDAP" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 #, fuzzy msgid "Lifetime of TGT for LDAP connection" msgstr "Usare autorizzazione Kerberos per la connessione LDAP" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 #, fuzzy msgid "Service name for DNS service lookups" msgstr "Filtro per i lookup utente" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 #, fuzzy msgid "entryUSN attribute" msgstr "Attributo UID" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 #, fuzzy msgid "lastUSN attribute" msgstr "Attributo UID" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "Durata attesa per le richieste di ricerca" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 #, fuzzy msgid "Length of time to wait for a enumeration request" msgstr "Durata attesa per le richieste di ricerca" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "Durata tra gli aggiornamenti alle enumeration" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 #, fuzzy msgid "Length of time between cache cleanups" msgstr "Durata tra gli aggiornamenti alle enumeration" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 #, fuzzy msgid "Require TLS for ID lookups" msgstr "Richiedere TLS per gli ID lookup, false" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "Base DN per i lookup utente" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "Ambito di applicazione dei lookup utente" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "Filtro per i lookup utente" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "Objectclass per gli utenti" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "Attributo UID" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "Attributo del GID primario" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "Attributo GECOS" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "Attributo della home directory" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "Attributo della shell" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "Attributo UUID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "Attributo user principal (per Kerberos)" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "Nome completo" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "Attributo memberOf" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "Attributo data di modifica" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 #, fuzzy msgid "shadowMin attribute" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 #, fuzzy msgid "shadowMax attribute" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 #, fuzzy msgid "shadowWarning attribute" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 #, fuzzy msgid "shadowInactive attribute" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 #, fuzzy msgid "shadowExpire attribute" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 #, fuzzy msgid "shadowFlag attribute" msgstr "Attributo della shell" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 #, fuzzy msgid "krbPasswordExpiration attribute" msgstr "Attributo data di modifica" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 #, fuzzy msgid "accountExpires attribute of AD" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 #, fuzzy msgid "nsAccountLock attribute" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 #, fuzzy msgid "loginDisabled attribute of NDS" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 #, fuzzy msgid "loginExpirationTime attribute of NDS" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 #, fuzzy msgid "Base DN for group lookups" msgstr "Base DN per i lookup utente" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 #, fuzzy msgid "Objectclass for groups" msgstr "Objectclass per gli utenti" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 #, fuzzy msgid "Group name" msgstr "Gruppi" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 #, fuzzy msgid "Group password" msgstr "Gruppi" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 #, fuzzy msgid "GID attribute" msgstr "Attributo UID" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 #, fuzzy msgid "Group member attribute" msgstr "Attributo memberOf" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 #, fuzzy msgid "Group UUID attribute" msgstr "Attributo UUID" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 #, fuzzy msgid "Modification time attribute for groups" msgstr "Attributo data di modifica" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 #, fuzzy msgid "Base DN for netgroup lookups" msgstr "Base DN per i lookup utente" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 #, fuzzy msgid "Objectclass for netgroups" msgstr "Objectclass per gli utenti" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 #, fuzzy msgid "Netgroups members attribute" msgstr "Attributo memberOf" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 #, fuzzy msgid "Netgroup triple attribute" msgstr "Attributo data di modifica" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 #, fuzzy msgid "Netgroup UUID attribute" msgstr "Attributo UUID" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 #, fuzzy msgid "Modification time attribute for netgroups" msgstr "Attributo data di modifica" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "Politica per controllare la scadenza della password" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "Lista separata da virgola degli utenti abilitati" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "Lista separata da virgola degli utenti non abilitati" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "Shell predefinita, /bin/bash" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "Base delle home directory" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "Il nome della libreria NSS da usare" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "Stack PAM da usare" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "Esegui come demone (default)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "Esegui interattivamente (non come demone)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "Specificare un file di configurazione specifico" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "Livello debug" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Includi timestamp di debug" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "Un descrittore di file aperto per l'output di debug" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "Dominio del provider di informazioni (obbligatorio)" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 #, fuzzy msgid "Unexpected format of the server credential message." msgstr "Percorso della cache delle credenziali utente" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -829,35 +850,35 @@ msgstr ", la password in cache scadrà il: " msgid "Authentication is denied until: " msgstr "Autenticazione offline, l'autenticazione sarà negata fino a:" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "Il sistema è offline, non è possibile richiedere un cambio password" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "Cambio password fallito." -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "Messaggio del server:" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "Nuova password: " -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "Conferma nuova password: " -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "Password: " -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "Password corrente: " -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "Password scaduta. Cambiare la password ora." @@ -975,31 +996,31 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "Impossibile determinare le informazioni dell'utente\n" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "La directory home dell'utente esiste, non vengono copiati dati dalla " "directory skeleton\n" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "Impossibile creare la directory home dell'utente: %s\n" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "Impossibile creare lo spool di mail dell'utente: %s\n" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Impossibile allocare l'ID utente - dominio pieno?\n" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "Utente o gruppo con lo stesso nome o ID già presente\n" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "Errore nella transazione. L'utente non è stato aggiunto.\n" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2011-03-08 15:26+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" diff --git a/po/ja_JP.po b/po/ja_JP.po index 9b51a40b..95cb7f1b 100644 --- a/po/ja_JP.po +++ b/po/ja_JP.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Korean (http://www.transifex.net/projects/p/fedora/team/ko/)\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Lithuanian (http://www.transifex.net/projects/p/fedora/team/" @@ -211,541 +211,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -779,35 +799,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -923,29 +943,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd.master.sss_daemon\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2009-11-19 12:19+0100\n" "Last-Translator: Richard van der Luit <nippur@fedoraproject.org>\n" "Language-Team: Dutch <nl@li.org>\n" @@ -210,541 +210,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -778,37 +798,37 @@ msgstr "Wachtwoord is verlopen." msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 #, fuzzy msgid "Password change failed. " msgstr "Wachtwoord is verlopen." -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "Nieuw Wachtwoord: " -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "Voer nieuw wachtwoord nogmaals in: " -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "Wachtwoord: " -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 #, fuzzy msgid "Current Password: " msgstr "Nieuw Wachtwoord: " -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -924,29 +944,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Norwegian Nynorsk <i18n-nn@lister.ping.uio.no>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2011-03-08 15:07+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: Polish <None>\n" @@ -224,554 +224,575 @@ msgstr "Część domeny zapytania DNS wykrywania usługi" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" +msgstr "" + +#: src/config/SSSDConfig.py:98 msgid "IPA domain" msgstr "Domena IPA" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:99 msgid "IPA server address" msgstr "Adres serwera IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:100 msgid "IPA client hostname" msgstr "Nazwa komputera klienta IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:101 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Czy automatycznie aktualizować wpis DNS klienta w oprogramowaniu FreeIPA" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:102 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "Interfejs, którego adres IP powinien być używany do dynamicznych " "aktualizacji DNS" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:103 msgid "Search base for HBAC related objects" msgstr "Wyszukiwanie podstawy pod kątem obiektów związanych z HBAC" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "Adres serwera Kerberos" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "Obszar Kerberos" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "Czas oczekiwania na uwierzytelnienie" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" "Katalog do przechowywania pamięci podręcznych danych uwierzytelniających" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "Włącza sprawdzanie danych uwierzytelniających" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" "Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia w " "trybie online" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "Odnawialny czas trwania TGT" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "Czas trwania TGT" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "Czas między dwoma sprawdzaniami odnowy" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "Włącza FAST" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 #, fuzzy msgid "Enables principal canonicalization" msgstr "Włącza sprawdzanie danych uwierzytelniających" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje " "się w KDC" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, adres URI serwera LDAP" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "Domyślna podstawowa DN" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "Domyślne DN dowiązania" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "Token uwierzytelniania domyślnego DN dowiązania" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "Czas do próby połączenia" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Czas do próby synchronicznych działań LDAP" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "Czas między próbami ponownego połączenia w trybie offline" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "Użycie tylko małych znaków w nazwach obszarów" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "Plik zawierający certyfikaty CA" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "Ścieżka do katalogu certyfikatów CA" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "Plik zawierający certyfikat klienta" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "Plik zawierający klucz klienta" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "Lista możliwych zestawów szyfrów" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "Wymaga sprawdzenia certyfikatu TLS" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "Podaje używany mechanizm SASL" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "Podaje używany identyfikator upoważnienia SASL" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 #, fuzzy msgid "Specify the sasl authorization realm to use" msgstr "Podaje używany identyfikator upoważnienia SASL" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +#, fuzzy +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "Podaje używany identyfikator upoważnienia SASL" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "Tablica kluczy usługi Kerberos" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "Podąża za odsyłaniami LDAP" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "Czas trwania TGT dla połączenia LDAP" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "Jak wskazywać aliasy" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "Nazwa usługi do wyszukiwań usługi DNS" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "Atrybut entryUSN" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "Atrybut lastUSN" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "Czas oczekiwania na żądanie wyszukiwania" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "Czas oczekiwania na żądanie wyliczenia" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "Czas między aktualizacjami wyliczania" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "Czas między czyszczeniem pamięci podręcznej" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "Wymaga TLS dla wyszukiwania identyfikatorów" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "Podstawowe DN dla wyszukiwania użytkowników" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "Zakres wyszukiwania użytkowników" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "Filtruje wyszukiwania użytkowników" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "Klasa obiektów dla użytkowników" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "Atrybut nazwy użytkownika" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "Atrybut UID" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "Pierwszy atrybut GID" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "Atrybut GECOS" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "Atrybut katalogu domowego" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "Atrybut powłoki" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "Atrybut UUID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "Atrybut głównego użytkownika (dla Kerberos)" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "Imię i nazwisko" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "Atrybut memberOf" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "Atrybut czasu modyfikacji" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "Atrybut shadowLastChange" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "Atrybut shadowMin" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "Atrybut shadowMax" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "Atrybut shadowWarning" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "Atrybut shadowInactive" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "Atrybut shadowExpire" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "Atrybut shadowFlag" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "Atrybut zawierający listę upoważnionych usług PAM" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 #, fuzzy msgid "Attribute listing authorized server hosts" msgstr "Atrybut zawierający listę upoważnionych usług PAM" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "Atrybut krbLastPwdChange" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "Atrybut krbPasswordExpiration" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "Atrybut accountExpires AD" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "Atrybut userAccountControl AD" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "Atrybut nsAccountLock" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 #, fuzzy msgid "loginDisabled attribute of NDS" msgstr "Atrybut accountExpires AD" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 #, fuzzy msgid "loginExpirationTime attribute of NDS" msgstr "Atrybut accountExpires AD" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "Podstawowe DN dla wyszukiwania grup" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "Klasa obiektów dla grup" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "Nazwa grupy" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "Hasło grupy" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "Atrybut GID" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "Atrybut elementu grupy" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "Atrybut UUID grupy" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "Atrybut czasu modyfikacji grup" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "Klasa obiektów dla grup sieciowych" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "Nazwa grupy sieciowej" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "Atrybut elementów grupy sieciowej" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "Potrójny atrybut grupy sieciowej" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "Atrybut UUID grupy sieciowej" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "Atrybut czasu modyfikacji grup sieciowych" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "Polityka do oszacowania wygaszenia hasła" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "Filtr LDAP do określenia uprawnień dostępu" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "Które atrybuty powinny być używane do sprawdzenia, czy konto wygasło" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "Które reguły powinny być używane do sprawdzania kontroli dostępu" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "Lista zabronionych użytkowników oddzielonych przecinkami" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "Domyślna powłoka, /bin/bash" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "Podstawa katalogów domowych" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "Nazwa używanej biblioteki NSS" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "Używany stos PAM" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "Uruchamia jako demon (domyślnie)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "Uruchamia interaktywnie (nie jako demon)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "Podaje niedomyślny plik konfiguracji" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "Poziom debugowania" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Dodaje czasy debugowania" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "Otwiera deskryptor pliku dla dzienników debugowania" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "Domena dostawcy informacji (wymagane)" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "Uprawnione gniazdo posiada błędnego właściciela lub uprawnienia." -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "Publiczne gniazdo posiada błędnego właściciela lub uprawnienia" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "Nieoczekiwany format komunikatu uwierzytelniającego serwera." -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "SSSD nie zostało uruchomione w trybie roota." -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu." -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu" @@ -805,35 +826,35 @@ msgstr "Hasło wygaśnie za %d %s." msgid "Authentication is denied until: " msgstr "Uwierzytelnianie jest zabronione do: " -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "System jest w trybie offline, zmiana hasła nie jest możliwa" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "Zmiana hasła nie powiodła się. " -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "Komunikat serwera: " -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "Nowe hasło: " -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "Proszę ponownie podać nowe hasło: " -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "Hasło: " -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "Bieżące hasło: " -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "Hasło wygasło. Proszę je zmienić teraz." @@ -949,33 +970,33 @@ msgstr "Nie można ustawić kontekstu loginu SELinuksa\n" msgid "Cannot get info about the user\n" msgstr "Nie można uzyskać informacji o użytkowniku\n" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Katalog domowy użytkownika już istnieje, dane z katalogu szkieletu nie " "zostaną skopiowane\n" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "Nie można utworzyć katalogu domowego użytkownika: %s\n" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "Nie można utworzyć buforu poczty użytkownika: %s\n" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" "Nie można przydzielić identyfikatora użytkownikowi - czy domena jest pełna?\n" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" "Użytkownik lub grupa o tej samej nazwie lub identyfikatorze już istnieje\n" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "Błąd transakcji. Nie można dodać użytkownika.\n" @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd.master.sss_daemon\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-02-23 13:59+0100\n" "Last-Translator: Rui Gouveia <rui.gouveia@gmail.com>\n" "Language-Team: fedora-trans-pt@redhat.com\n" @@ -221,579 +221,600 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" +msgstr "" + +#: src/config/SSSDConfig.py:98 msgid "IPA domain" msgstr "Domínio IPA" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:99 msgid "IPA server address" msgstr "Endereço do servidor IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:100 msgid "IPA client hostname" msgstr "Nome da máquina do cliente IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:101 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:102 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:103 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "Endereço do servidor Kerberos" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "Reino Kerberos" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "Tempo de expiração da autenticação" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "Directório para armazenar as caches de credenciais" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "Localização da cache de credenciais dos utilizadores" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "Localização da tabela de chaves (keytab) para validar credenciais" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "Activar validação de credenciais" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 #, fuzzy msgid "Enables principal canonicalization" msgstr "Activar validação de credenciais" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Servidor onde está em execução o serviço de alteração de senha, se não " "coincide com o KDC" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, O URI do servidor LDAP" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "A base DN por omissão" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "O DN por omissão para a ligação" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "O tipo de token de autenticação do bind DN por omissão" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "O token de autenticação do bind DN por omissão" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "Período de tempo para tentar ligação" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tempo de espera para tentar operações LDAP síncronas" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "Tempo de espera entre tentativas para re-conectar quando desligado" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "Ficheiro que contêm os certificados CA" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "Caminho para o directório do certificado CA" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 #, fuzzy msgid "File that contains the client certificate" msgstr "Ficheiro que contêm os certificados CA" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 #, fuzzy msgid "File that contains the client key" msgstr "Ficheiro que contêm os certificados CA" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "Obriga a verificação de certificados TLS" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "Especificar mecanismo sasl a utilizar" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "Especifique o id sasl para utilizar na autorização" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 #, fuzzy msgid "Specify the sasl authorization realm to use" msgstr "Especifique o id sasl para utilizar na autorização" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +#, fuzzy +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "Especifique o id sasl para utilizar na autorização" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "Separador chave do serviço Kerberos" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "Utilizar autenticação Kerberos para ligações LDAP" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "Seguir os referrals LDAP" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 #, fuzzy msgid "Lifetime of TGT for LDAP connection" msgstr "Utilizar autenticação Kerberos para ligações LDAP" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 #, fuzzy msgid "Service name for DNS service lookups" msgstr "Filtro para as pesquisas do utilizador" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 #, fuzzy msgid "entryUSN attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 #, fuzzy msgid "lastUSN attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "Tempo de espera por um pedido de pesquisa" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 #, fuzzy msgid "Length of time to wait for a enumeration request" msgstr "Tempo de espera por um pedido de pesquisa" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "Período de tempo entre enumeração de actualizações" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 #, fuzzy msgid "Length of time between cache cleanups" msgstr "Período de tempo entre enumeração de actualizações" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "Requer TLS para consultas de ID" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "DN base para pesquisa de utilizadores" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "Âmbito das pesquisas do utilizador" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "Filtro para as pesquisas do utilizador" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "Objectclass para utilizadores" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "Atributo GID primário" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "Atributo GECOS" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "Atributo da pasta pessoal" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "Atributo da Shell" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "Atributo UUID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "Atributo principal do utilizador (para Kerberos)" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "Nome Completo" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "Atributo memberOf" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "Atributo da alteração da data" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 #, fuzzy msgid "shadowMin attribute" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 #, fuzzy msgid "shadowMax attribute" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 #, fuzzy msgid "shadowWarning attribute" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 #, fuzzy msgid "shadowInactive attribute" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 #, fuzzy msgid "shadowExpire attribute" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 #, fuzzy msgid "shadowFlag attribute" msgstr "Atributo da Shell" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 #, fuzzy msgid "krbPasswordExpiration attribute" msgstr "Atributo da alteração da data" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 #, fuzzy msgid "accountExpires attribute of AD" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 #, fuzzy msgid "nsAccountLock attribute" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 #, fuzzy msgid "loginDisabled attribute of NDS" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 #, fuzzy msgid "loginExpirationTime attribute of NDS" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 #, fuzzy msgid "Base DN for group lookups" msgstr "DN base para pesquisa de utilizadores" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 #, fuzzy msgid "Objectclass for groups" msgstr "Objectclass para utilizadores" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 #, fuzzy msgid "Group name" msgstr "Grupos" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 #, fuzzy msgid "Group password" msgstr "Grupos" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 #, fuzzy msgid "GID attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 #, fuzzy msgid "Group member attribute" msgstr "Atributo memberOf" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 #, fuzzy msgid "Group UUID attribute" msgstr "Atributo UUID" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 #, fuzzy msgid "Modification time attribute for groups" msgstr "Atributo da alteração da data" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 #, fuzzy msgid "Base DN for netgroup lookups" msgstr "DN base para pesquisa de utilizadores" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 #, fuzzy msgid "Objectclass for netgroups" msgstr "Objectclass para utilizadores" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 #, fuzzy msgid "Netgroups members attribute" msgstr "Atributo memberOf" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 #, fuzzy msgid "Netgroup triple attribute" msgstr "Atributo da alteração da data" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 #, fuzzy msgid "Netgroup UUID attribute" msgstr "Atributo UUID" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 #, fuzzy msgid "Modification time attribute for netgroups" msgstr "Atributo da alteração da data" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "Politica para avaliar a expiração da senha" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "Lista de utilizadores autorizados separados por vírgulas" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "Lista de utilizadores não autorizados separados por vírgulas" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "Shell pré-definida, /bin/bash" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "Directório base para as pastas pessoais" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "O nome da biblioteca NSS a utilizar" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "Stack PAM a utilizar" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "Tornar-se num serviço (omissão)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "Executar interactivamente (não como serviço)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "Especificar um ficheiro de configuração não standard" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "Nível de depuração" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Adicionar tempos na depuração" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "Um descritor de ficheiro aberto para os registos de depuração" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "Domínio do fornecedor de informação (obrigatório)" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 #, fuzzy msgid "Unexpected format of the server credential message." msgstr "Localização da cache de credenciais dos utilizadores" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -828,35 +849,35 @@ msgstr "A sua senha irá expirar em %d %s." msgid "Authentication is denied until: " msgstr "Autenticação offline, a autenticação é negada até: " -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "O sistema está offline, a mudança de senha não é possível" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "Alteração da senha falhou." -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "Mensagem do Servidor: " -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "Nova Senha: " -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "Digite a senha novamente: " -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "Senha: " -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "Senha actual: " -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "A senha expirou. Altere a sua senha agora." @@ -973,30 +994,30 @@ msgstr "Não foi possível definir o contexto SELinux para a sessão\n" msgid "Cannot get info about the user\n" msgstr "Incapaz de obter informação acerca do utilizador\n" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "A pasta pessoal do utilizador já existe. Conteúdo skeldir não copiado\n" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "Incapaz de criar pasta pessoal do utilizador: %s\n" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "Incapaz de criar o ficheiro de correio do utilizador: %s\n" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Incapaz de alocar um ID para o utilizador - domínio cheio?\n" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "Já existe um utilizador ou grupo com o mesmo nome ou ID\n" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "Erro na transacção. Não foi possível adicionar o utilizador.\n" diff --git a/po/pt_BR.po b/po/pt_BR.po index f5478b2f..28b6236f 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Portuguese (Brazilian) <trans-pt_br@lists.fedoraproject.org>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: ru\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-04-07 21:39+0300\n" "Last-Translator: Dmitry Drozdov <dmi3652@gmail.com>\n" "Language-Team: Russian <fedora-trans-ru@redhat.com>\n" @@ -220,581 +220,602 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" +msgstr "" + +#: src/config/SSSDConfig.py:98 msgid "IPA domain" msgstr "IPA-домен" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:99 msgid "IPA server address" msgstr "адрес сервера IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:100 msgid "IPA client hostname" msgstr "имя узла клиента IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:101 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:102 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:103 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "Имя сервера Kerberos" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "Область действия Kerberos" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "Тайм-аут проверки подлинности" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "Каталог для хранения кэшей учётных данных" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "Расположения кэша учётных данных пользователей" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "Расположение keytab-файла для проверки учётных данных" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "Включить проверку учётных данных" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 #, fuzzy msgid "Enables principal canonicalization" msgstr "Включить проверку учётных данных" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI сервера LDAP " -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "Base DN по умолчанию" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "Bind DN по умолчанию" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "Тип маркера проверки подлинности для bind DN по умолчанию" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "Маркер проверки подлинности для bind DN по умолчанию" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "Временной интервал для попытки соединения" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Временной интервал для попытки синхронизации операций LDAP" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Временной интервал между попытками возобновления соединения в автономного " "режиме" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 #, fuzzy msgid "File that contains CA certificates" msgstr "Файл, содержащий CA сертификаты" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 #, fuzzy msgid "File that contains the client certificate" msgstr "Файл, содержащий CA сертификаты" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 #, fuzzy msgid "File that contains the client key" msgstr "Файл, содержащий CA сертификаты" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "Требуется проверка сертификата TLS" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "Укажите механизм sasl" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "Укажите идентификатор авторизации sasl" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 #, fuzzy msgid "Specify the sasl authorization realm to use" msgstr "Укажите идентификатор авторизации sasl" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +#, fuzzy +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "Укажите идентификатор авторизации sasl" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "Keytab-файл службы Kerberos" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "Следовать ссылкам LDAP" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 #, fuzzy msgid "Lifetime of TGT for LDAP connection" msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 #, fuzzy msgid "Service name for DNS service lookups" msgstr "Фильтр поиска" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 #, fuzzy msgid "entryUSN attribute" msgstr "Атрибут «UID»" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 #, fuzzy msgid "lastUSN attribute" msgstr "Атрибут «UID»" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "Временной интервал, в течение которого ожидать поискового запроса" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 #, fuzzy msgid "Length of time to wait for a enumeration request" msgstr "Временной интервал, в течение которого ожидать поискового запроса" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "Временной интервал между обновлениями перечисления" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 #, fuzzy msgid "Length of time between cache cleanups" msgstr "Временной интервал между обновлениями перечисления" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 #, fuzzy msgid "Require TLS for ID lookups" msgstr "Требуется TLS для поиска ID" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "Base DN для поиска" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "Глубина поиска" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "Фильтр поиска" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "Objectclass для пользователей" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "Атрибут «UID»" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "Атрибут «primary GID»" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "Атрибут «GECOS»" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "Атрибут домашнего каталога" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "Атрибут оболочки" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "Атрибут «UUID»" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "Атрибут участника-пользователя (для Kerberos)" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "Полное имя" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "Атрибут memberOf" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "Атрибут времени изменения" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 #, fuzzy msgid "shadowMin attribute" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 #, fuzzy msgid "shadowMax attribute" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 #, fuzzy msgid "shadowWarning attribute" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 #, fuzzy msgid "shadowInactive attribute" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 #, fuzzy msgid "shadowExpire attribute" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 #, fuzzy msgid "shadowFlag attribute" msgstr "Атрибут оболочки" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 #, fuzzy msgid "krbPasswordExpiration attribute" msgstr "Атрибут времени изменения" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 #, fuzzy msgid "accountExpires attribute of AD" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 #, fuzzy msgid "nsAccountLock attribute" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 #, fuzzy msgid "loginDisabled attribute of NDS" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 #, fuzzy msgid "loginExpirationTime attribute of NDS" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 #, fuzzy msgid "Base DN for group lookups" msgstr "Base DN для поиска" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 #, fuzzy msgid "Objectclass for groups" msgstr "Objectclass для пользователей" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 #, fuzzy msgid "Group name" msgstr "Группы" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 #, fuzzy msgid "Group password" msgstr "Группы" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 #, fuzzy msgid "GID attribute" msgstr "Атрибут «UID»" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 #, fuzzy msgid "Group member attribute" msgstr "Атрибут memberOf" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 #, fuzzy msgid "Group UUID attribute" msgstr "Атрибут «UUID»" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 #, fuzzy msgid "Modification time attribute for groups" msgstr "Атрибут времени изменения" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 #, fuzzy msgid "Base DN for netgroup lookups" msgstr "Base DN для поиска" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 #, fuzzy msgid "Objectclass for netgroups" msgstr "Objectclass для пользователей" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 #, fuzzy msgid "Netgroups members attribute" msgstr "Атрибут memberOf" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 #, fuzzy msgid "Netgroup triple attribute" msgstr "Атрибут времени изменения" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 #, fuzzy msgid "Netgroup UUID attribute" msgstr "Атрибут «UUID»" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 #, fuzzy msgid "Modification time attribute for netgroups" msgstr "Атрибут времени изменения" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "Политика вычисления окончания срока действия пароля" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "Разделённый запятыми список разрешённых пользователей" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "Разделённый запятыми список запрещённых пользователей" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "Оболочка по умолчанию, /bin/bash" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "Место для домашних каталогов" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "Имя используемой библиотеки NSS" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "Используемый стек PAM" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "Запускаться в качестве службы (по умолчанию)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "Запускаться интерактивно (не службой)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "Указать файл конфигурации" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "Уровень отладки" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Добавить отладочные отметки времени" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "Открытый дескриптор файла для журналов отладки" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "Домен поставщика информации (обязательный)" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 #, fuzzy msgid "Unexpected format of the server credential message." msgstr "Расположения кэша учётных данных пользователей" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -829,35 +850,35 @@ msgstr ", срок действия вашего кэшированного па msgid "Authentication is denied until: " msgstr "Автономная проверка подлинности, проверка подлинности запрещена до:" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "Система находится в автономном режиме, невозможно сменить пароль" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "Не удалось сменить пароль." -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "Сообщение сервера:" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "Новый пароль:" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "Введите новый пароль ещё раз:" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "Пароль:" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "Текущий пароль:" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "Срок действия пароля истёк. Необходимо сейчас изменить ваш пароль." @@ -976,31 +997,31 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "Не удалось получить информацию о пользователе\n" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Домашний каталог пользователя уже существует, копирования данных из " "скелетной директории выполнено не будет\n" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "Не удалось создать домашний каталог пользователя: %s\n" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "Не удалось создать пользовательскую почтовую очередь: %s\n" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Для пользователя не удалось выделить ID - домен заполнен?\n" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "Пользователь или группа с таким именем или ID уже существует\n" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "Ошибка в транзакции. Невозможно добавить пользователя.\n" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Slovak (http://www.transifex.net/projects/p/fedora/team/sk/)\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Albanian (http://www.transifex.net/projects/p/fedora/team/" @@ -210,541 +210,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -778,35 +798,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -922,29 +942,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Serbian <trans-sr@lists.fedoraproject.org>\n" @@ -210,541 +210,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -778,35 +798,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -922,29 +942,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" diff --git a/po/sssd.pot b/po/sssd.pot index b7b07e9f..225e92e2 100644 --- a/po/sssd.pot +++ b/po/sssd.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sss_server\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2009-12-30 17:58+0100\n" "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" "Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n" @@ -213,580 +213,601 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" +msgstr "" + +#: src/config/SSSDConfig.py:98 msgid "IPA domain" msgstr "IPA-domän" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:99 msgid "IPA server address" msgstr "IPA-serveradress" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:100 msgid "IPA client hostname" msgstr "IPA-klienvärdnamn" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:101 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:102 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:103 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "Kerberosserveradress" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "Kerberosrike" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "Autentiseringstidsgräns" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "Katalog att lagra kreditiv-cachar i" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "Plats för användarens kreditiv-cache" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "Plats för nyckeltabellen för att validera kreditiv" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "Aktivera validering av kreditiv" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 #, fuzzy msgid "Enables principal canonicalization" msgstr "Aktivera validering av kreditiv" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI:n för LDAP-servern" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "Standard bas-DN" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Schematypen som används i LDAP-servern, rfc2307" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "Standard bindnings-DN" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "Typen på autenticerings-token för standard bindnings-DN" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "Autenticerings-token för standard bindnings-DN" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "Tidslängd att försöka ansluta" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tidslängd att försök synkrona LDAP-operationer" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "Tidslängd mellan försök att återansluta under frånkoppling" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 #, fuzzy msgid "File that contains CA certificates" msgstr "fil som innehåller CA-certifikat" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 #, fuzzy msgid "File that contains the client certificate" msgstr "fil som innehåller CA-certifikat" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 #, fuzzy msgid "File that contains the client key" msgstr "fil som innehåller CA-certifikat" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "Kräv TLS-certifikatverifiering" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "Ange sasl-mekanismen att använda" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "Ange sasl-auktorisering-id att använda" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 #, fuzzy msgid "Specify the sasl authorization realm to use" msgstr "Ange sasl-auktorisering-id att använda" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +#, fuzzy +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "Ange sasl-auktorisering-id att använda" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "Kerberostjänstens nyckeltabell" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "Avnänd Kerberosautenticering för LDAP-anslutning" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 #, fuzzy msgid "Lifetime of TGT for LDAP connection" msgstr "Avnänd Kerberosautenticering för LDAP-anslutning" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 #, fuzzy msgid "Service name for DNS service lookups" msgstr "Filter för användaruppslagningar" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 #, fuzzy msgid "entryUSN attribute" msgstr "UID-attribut" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 #, fuzzy msgid "lastUSN attribute" msgstr "UID-attribut" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "Tidslängd att vänta på en sökbegäran" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 #, fuzzy msgid "Length of time to wait for a enumeration request" msgstr "Tidslängd att vänta på en sökbegäran" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "Tidslängd mellan uppräkningsuppdateringar" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 #, fuzzy msgid "Length of time between cache cleanups" msgstr "Tidslängd mellan uppräkningsuppdateringar" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 #, fuzzy msgid "Require TLS for ID lookups" msgstr "Kräv TLS för ID-uppslagningar, falsk" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "Bas-DN för användaruppslagningar" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "Omfång av användaruppslagningar" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "Filter för användaruppslagningar" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "Objektklass för användare" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "UID-attribut" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "Primärt GID-attribut" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "GECOS-attribut" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "Hemkatalogattribut" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "Skalattribut" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "UUID-attribut" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "Användarens huvudmansattribut (för Kerberos)" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "Fullständigt namn" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "medlemAv-attribut" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "Modifieringstidsattribut" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 #, fuzzy msgid "shadowMin attribute" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 #, fuzzy msgid "shadowMax attribute" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 #, fuzzy msgid "shadowWarning attribute" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 #, fuzzy msgid "shadowInactive attribute" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 #, fuzzy msgid "shadowExpire attribute" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 #, fuzzy msgid "shadowFlag attribute" msgstr "Skalattribut" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 #, fuzzy msgid "krbPasswordExpiration attribute" msgstr "Modifieringstidsattribut" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 #, fuzzy msgid "accountExpires attribute of AD" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 #, fuzzy msgid "nsAccountLock attribute" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 #, fuzzy msgid "loginDisabled attribute of NDS" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 #, fuzzy msgid "loginExpirationTime attribute of NDS" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 #, fuzzy msgid "Base DN for group lookups" msgstr "Bas-DN för användaruppslagningar" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 #, fuzzy msgid "Objectclass for groups" msgstr "Objektklass för användare" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 #, fuzzy msgid "Group name" msgstr "Grupper" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 #, fuzzy msgid "Group password" msgstr "Grupper" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 #, fuzzy msgid "GID attribute" msgstr "UID-attribut" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 #, fuzzy msgid "Group member attribute" msgstr "medlemAv-attribut" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 #, fuzzy msgid "Group UUID attribute" msgstr "UUID-attribut" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 #, fuzzy msgid "Modification time attribute for groups" msgstr "Modifieringstidsattribut" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 #, fuzzy msgid "Base DN for netgroup lookups" msgstr "Bas-DN för användaruppslagningar" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 #, fuzzy msgid "Objectclass for netgroups" msgstr "Objektklass för användare" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 #, fuzzy msgid "Netgroups members attribute" msgstr "medlemAv-attribut" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 #, fuzzy msgid "Netgroup triple attribute" msgstr "Modifieringstidsattribut" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 #, fuzzy msgid "Netgroup UUID attribute" msgstr "UUID-attribut" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 #, fuzzy msgid "Modification time attribute for netgroups" msgstr "Modifieringstidsattribut" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "Policy för att utvärdera utgång av lösenord" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "Standardskal, /bin/bash" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "Bas för hemkataloger" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "Namnet på NSS-biblioteket att använda" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "PAM-stack att använda" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 #, fuzzy msgid "An open file descriptor for the debug logs" msgstr "Ange pratsamhet för felsökningsloggning" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 #, fuzzy msgid "Unexpected format of the server credential message." msgstr "Plats för användarens kreditiv-cache" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -821,37 +842,37 @@ msgstr "Lösenordet har gått ut." msgid "Authentication is denied until: " msgstr "Autentiseringstidsgräns" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 #, fuzzy msgid "Password change failed. " msgstr "Leverantör av lösenordsändringar" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "Nytt lösenord: " -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "Skriv det nya lösenordet igen: " -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "Lösenord: " -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 #, fuzzy msgid "Current Password: " msgstr "Nytt lösenord: " -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -969,31 +990,31 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "Kan inte få information om användaren\n" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Användarens hemkatalog finns redan, kopierar inte data från " "skelettkatalogen\n" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "Kan inte skapa användarens hemkatalog: %s\n" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "Kan inte skapa användarens brevlåda: %s\n" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Det gick inte att allokera ID för användaren - full domän?\n" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "En användare eller grupp med samma namn eller ID finns redan\n" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "Transaktionsfel. Det gick inte att lägga till användaren.\n" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Tamil <tamil-users@lists.fedoraproject.org>\n" @@ -209,541 +209,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -777,35 +797,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -921,29 +941,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Turkish (http://www.transifex.net/projects/p/fedora/team/" @@ -210,541 +210,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -778,35 +798,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -922,29 +942,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2011-03-08 15:07+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -225,556 +225,577 @@ msgstr "Частина запиту щодо виявлення служби DNS msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" +msgstr "" + +#: src/config/SSSDConfig.py:98 msgid "IPA domain" msgstr "Домен IPA" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:99 msgid "IPA server address" msgstr "Адреса сервера IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:100 msgid "IPA client hostname" msgstr "Назва вузла клієнта IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:101 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Визначає, чи слід автоматично оновлювати запис DNS клієнтського вузла у " "FreeIPA" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:102 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "Інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:103 msgid "Search base for HBAC related objects" msgstr "Шукати у базі об’єкти, пов’язані з HBAC" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "Адреса сервера Kerberos" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "Область Kerberos" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "Час очікування на розпізнавання" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "Каталог, де зберігатиметься кеш реєстраційних даних" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "Адреса кешу реєстраційних даних користувача" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "Адреса таблиці ключів для перевірки реєстраційних даних" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "Увімкнути перевірку реєстраційних даних" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "Поновлюваний строк дії TGT" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "Строк дії TGT" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "Граничний час між двома перевірками для поновлення" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "Вмикає FAST" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 #, fuzzy msgid "Enables principal canonicalization" msgstr "Увімкнути перевірку реєстраційних даних" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться " "виявити у KDC" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, адреса URI сервера LDAP" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "Типова базова назва домену" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Тип схеми, використаний на сервері LDAP, rfc2307" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "Типова назва домену прив’язки" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "Тип розпізнавання для типової назви сервера прив’язки" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "Лексема розпізнавання типової назви сервера прив’язки" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "Проміжок часу між спробами встановлення з’єднання" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Проміжок часу між повторними спробами встановлення з’єднання у автономному " "режимі" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "Використовувати для назв областей лише великі літери" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "Файл, що містить сертифікати CA" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "Шлях до каталогу сертифікатів CA" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "Файл, що містить клієнтський сертифікат" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "Файл, що містить клієнтський ключ" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "Показати список можливих інструментів шифрування" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "Потрібна перевірка сертифіката TLS" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "Вкажіть механізм SASL, який слід використовувати" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 #, fuzzy msgid "Specify the sasl authorization realm to use" msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +#, fuzzy +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "Таблиця ключів служби Kerberos" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "Розпізнавання Kerberos для з’єднання LDAP" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "Переходити за посиланнями LDAP" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "Строк дії TGT для з’єднання LDAP" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "Спосіб розіменування псевдонімів" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "Назва служби для пошуків за допомогою служби DNS" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "Атрибут entryUSN" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "Атрибут lastUSN" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "Тривалість очікування на дані запиту пошуку" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "Тривалість очікування на дані запиту щодо переліку" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "Проміжок часу між оновленнями нумерації" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "Проміжок часу між спорожненнями кешу" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "Вимагати TLS для пошуків ідентифікаторів" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "Базова назва домену для пошуків користувачів" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "Діапазон пошуків користувачів" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "Фільтр пошуку користувачів" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "Клас об’єктів для користувачів" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "Атрибут імені користувача" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "Атрибут UID" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "Головний атрибут GID" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "Атрибут GECOS" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "Атрибут домашнього каталогу" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "Атрибут оболонки" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "Атрибут UUID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "Атрибут реєстраційного запису користувача (для Kerberos)" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "Повне ім'я" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "Атрибут memberOf" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "Атрибут часу зміни" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "Атрибут shadowLastChange" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "Атрибут shadowMin" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "Атрибут shadowMax" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "Атрибут shadowWarning" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "Атрибут shadowInactive" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "Атрибут shadowExpire" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "Атрибут shadowFlag" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "Атрибути зі списком уповноважених служб PAM" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 #, fuzzy msgid "Attribute listing authorized server hosts" msgstr "Атрибути зі списком уповноважених служб PAM" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "Атрибут krbLastPwdChange" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "Атрибут krbPasswordExpiration" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" "Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "Атрибут accountExpires AD" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "Атрибут userAccountControl AD" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "Атрибут nsAccountLock" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 #, fuzzy msgid "loginDisabled attribute of NDS" msgstr "Атрибут accountExpires AD" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 #, fuzzy msgid "loginExpirationTime attribute of NDS" msgstr "Атрибут accountExpires AD" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "Базова назва домену для пошуків груп" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "Клас об’єктів для груп" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "Назва групи" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "Пароль групи" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "Атрибут GID" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "Атрибут членства у групі" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "Атрибут UUID групи" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "Атрибут часу зміни для груп" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "Базова назва домену для пошуків груп у мережі" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "Клас об’єктів для груп у мережі" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "Назва мережевої групи" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "Атрибут членства у групах у мережі" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "Атрибут трійки груп у мережі" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "Атрибут UUID груп у мережі" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "Атрибут часу зміни для мережевих груп" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "Правила оцінки завершення строку дії пароля" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "Фільтр LDAP для визначення прав доступу" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Атрибути які слід використовувати для визначення чинності облікового запису" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" "Правила, які має бути використано для визначення достатності прав доступу" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "Назва у службі DNS сервера зміни паролів LDAP" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "Відокремлений комами список дозволених користувачів" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "Відокремлений комами список заборонених користувачів" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "Типова оболонка, /bin/bash" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "Базова адреса домашніх каталогів" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "Назва бібліотеки NSS, яку слід використовувати" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "Стек PAM, який слід використовувати" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "Запуститися фонову службу (типова поведінка)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "Запустити у інтерактивному режимі (без фонової служби)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "Вказати нетиповий файл налаштувань" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "Рівень зневаджування" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Додавати діагностичні часові позначки" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "Дескриптор відкритого файла для запису журналів діагностики" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "Домен надання відомостей (обов’язковий)" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "У привілейованого сокета помилковий власник або права доступу." -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "У відкритого сокета помилковий власник або права доступу." -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "Некоректний формат повідомлення щодо реєстраційних даних сервера." -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "SSSD запущено не від імені користувача root." -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "Сталася помилка, але не вдалося знайти її опису." -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "Неочікувана помилка під час пошуку опису помилки" @@ -808,35 +829,35 @@ msgstr "Строк дії вашого пароля завершиться за msgid "Authentication is denied until: " msgstr "Розпізнавання заборонено до: " -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "Система працює у автономному режимі, зміна пароля неможлива" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "Спроба зміни пароля зазнала невдачі. " -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "Повідомлення сервера: " -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "Новий пароль: " -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "Ще раз введіть новий пароль: " -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "Пароль: " -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "Поточний пароль: " -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "Строк дії пароля вичерпано. Змініть ваш пароль." @@ -953,34 +974,34 @@ msgstr "Не вдалося встановити контекст входу SEL msgid "Cannot get info about the user\n" msgstr "Не вдалося отримати відомості щодо користувача\n" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Домашній каталог користувача вже існує, копіювання даних з каталогу skel не " "виконуватиметься\n" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "Не вдалося створити домашній каталог користувача: %s\n" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "Не вдалося створити поштовий буфер користувача: %s\n" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" "Не вдалося отримати ідентифікатор для користувача. Домен переповнено?\n" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" "Вже існує користувач або група з таким самим іменем, назвою або " "ідентифікатором\n" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "Помилка під час виконання операції. Не вдалося додати користувача.\n" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Vietnamese (http://www.transifex.net/projects/p/fedora/team/" @@ -210,541 +210,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -778,35 +798,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -922,29 +942,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" diff --git a/po/zh_CN.po b/po/zh_CN.po index 8d7d5fed..2968b3cb 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Chinese (China) (http://www.transifex.net/projects/p/fedora/" @@ -210,541 +210,561 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 -msgid "IPA domain" +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig.py:98 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig.py:99 -msgid "IPA client hostname" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig.py:100 -msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig.py:101 -msgid "The interface whose IP should be used for dynamic DNS updates" +msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig.py:102 -msgid "Search base for HBAC related objects" +msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig.py:103 +msgid "Search base for HBAC related objects" +msgstr "" + +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -778,35 +798,35 @@ msgstr "" msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "" @@ -922,29 +942,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "" diff --git a/po/zh_TW.po b/po/zh_TW.po index 0919bd63..e0adc2b0 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sss_daemon 1.1.0\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-11-02 16:03-0400\n" +"POT-Creation-Date: 2011-12-19 11:15-0500\n" "PO-Revision-Date: 2010-03-22 22:00+0800\n" "Last-Translator: Cheng-Chia Tseng <pswo10680@gmail.com>\n" "Language-Team: Fedora-trans-zh_tw <trans-zh_tw@lists.fedoraproject.org>\n" @@ -221,582 +221,603 @@ msgstr "" msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:97 +#: src/config/SSSDConfig.py:95 +msgid "Treat usernames as case sensitive" +msgstr "" + +#: src/config/SSSDConfig.py:98 msgid "IPA domain" msgstr "IPA 網域" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:99 msgid "IPA server address" msgstr "IPA 伺服器位址" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:100 msgid "IPA client hostname" msgstr "IPA 客戶端主機名稱" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:101 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:102 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:103 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:104 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:105 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108 +#: src/config/SSSDConfig.py:106 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "" + +#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 msgid "Kerberos server address" msgstr "Kerberos 伺服器位址" -#: src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:111 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:112 msgid "Authentication timeout" msgstr "認證逾時" -#: src/config/SSSDConfig.py:113 +#: src/config/SSSDConfig.py:115 msgid "Directory to store credential caches" msgstr "儲存憑證快取的目錄" -#: src/config/SSSDConfig.py:114 +#: src/config/SSSDConfig.py:116 msgid "Location of the user's credential cache" msgstr "使用者憑證快取的位置" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:117 msgid "Location of the keytab to validate credentials" msgstr "驗證憑證用的金鑰表格位置" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:118 msgid "Enable credential validation" msgstr "啟用憑證驗證" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:119 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:120 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:121 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:122 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:123 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:124 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:125 #, fuzzy msgid "Enables principal canonicalization" msgstr "啟用憑證驗證" -#: src/config/SSSDConfig.py:126 +#: src/config/SSSDConfig.py:128 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:129 +#: src/config/SSSDConfig.py:131 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:130 +#: src/config/SSSDConfig.py:132 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:133 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:134 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:135 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:136 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:137 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:138 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:139 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:140 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:141 #, fuzzy msgid "File that contains CA certificates" msgstr "含有 CA 憑證的檔案" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:142 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:143 #, fuzzy msgid "File that contains the client certificate" msgstr "含有 CA 憑證的檔案" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:144 #, fuzzy msgid "File that contains the client key" msgstr "含有 CA 憑證的檔案" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:145 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:146 msgid "Require TLS certificate verification" msgstr "需要 TLS 憑證驗證" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:147 msgid "Specify the sasl mechanism to use" msgstr "指定要使用的 sasl 機制" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:148 msgid "Specify the sasl authorization id to use" msgstr "指定要使用的 sasl 認證 id" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:149 #, fuzzy msgid "Specify the sasl authorization realm to use" msgstr "指定要使用的 sasl 認證 id" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:150 +#, fuzzy +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "指定要使用的 sasl 認證 id" + +#: src/config/SSSDConfig.py:151 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:152 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:153 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:154 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:155 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:156 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:157 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:158 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:159 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:161 #, fuzzy msgid "entryUSN attribute" msgstr "UID 屬性" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:162 #, fuzzy msgid "lastUSN attribute" msgstr "UID 屬性" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:164 +msgid "How long to retain a connection to the LDAP server before disconnecting" +msgstr "" + +#: src/config/SSSDConfig.py:167 msgid "Length of time to wait for a search request" msgstr "搜尋請求的等候時間長度" -#: src/config/SSSDConfig.py:163 +#: src/config/SSSDConfig.py:168 #, fuzzy msgid "Length of time to wait for a enumeration request" msgstr "搜尋請求的等候時間長度" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:169 #, fuzzy msgid "Length of time between enumeration updates" msgstr "在列舉更新之間的長度" -#: src/config/SSSDConfig.py:165 +#: src/config/SSSDConfig.py:170 #, fuzzy msgid "Length of time between cache cleanups" msgstr "在列舉更新之間的長度" -#: src/config/SSSDConfig.py:166 +#: src/config/SSSDConfig.py:171 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:172 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:173 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:174 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:175 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:176 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:178 #, fuzzy msgid "UID attribute" msgstr "UID 屬性" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:179 #, fuzzy msgid "Primary GID attribute" msgstr "主要 GID 屬性" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:180 #, fuzzy msgid "GECOS attribute" msgstr "GEOS 屬性" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:181 #, fuzzy msgid "Home directory attribute" msgstr "家目錄屬性" -#: src/config/SSSDConfig.py:177 +#: src/config/SSSDConfig.py:182 #, fuzzy msgid "Shell attribute" msgstr "Shell 屬性" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:183 #, fuzzy msgid "UUID attribute" msgstr "UUID 屬性" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:184 #, fuzzy msgid "User principal attribute (for Kerberos)" msgstr "使用者原則屬性(供 Kerberos 使用)" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:185 msgid "Full Name" msgstr "全名" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:186 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:187 #, fuzzy msgid "Modification time attribute" msgstr "修改時間屬性" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:189 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:190 #, fuzzy msgid "shadowMin attribute" msgstr "Shell 屬性" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:191 #, fuzzy msgid "shadowMax attribute" msgstr "Shell 屬性" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:192 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:188 +#: src/config/SSSDConfig.py:193 #, fuzzy msgid "shadowInactive attribute" msgstr "修改時間屬性" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:194 #, fuzzy msgid "shadowExpire attribute" msgstr "Shell 屬性" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:195 #, fuzzy msgid "shadowFlag attribute" msgstr "Shell 屬性" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:196 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:197 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:198 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:199 #, fuzzy msgid "krbPasswordExpiration attribute" msgstr "修改時間屬性" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:200 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:201 #, fuzzy msgid "accountExpires attribute of AD" msgstr "Shell 屬性" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:202 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:203 #, fuzzy msgid "nsAccountLock attribute" msgstr "Shell 屬性" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:204 #, fuzzy msgid "loginDisabled attribute of NDS" msgstr "Shell 屬性" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:205 #, fuzzy msgid "loginExpirationTime attribute of NDS" msgstr "Shell 屬性" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:206 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:208 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:211 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:207 +#: src/config/SSSDConfig.py:212 #, fuzzy msgid "Group name" msgstr "群組" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:213 #, fuzzy msgid "Group password" msgstr "群組" -#: src/config/SSSDConfig.py:209 +#: src/config/SSSDConfig.py:214 #, fuzzy msgid "GID attribute" msgstr "UID 屬性" -#: src/config/SSSDConfig.py:210 +#: src/config/SSSDConfig.py:215 #, fuzzy msgid "Group member attribute" msgstr "家目錄屬性" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:216 #, fuzzy msgid "Group UUID attribute" msgstr "UUID 屬性" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:217 #, fuzzy msgid "Modification time attribute for groups" msgstr "修改時間屬性" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:219 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:221 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:222 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:218 +#: src/config/SSSDConfig.py:223 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:224 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:220 +#: src/config/SSSDConfig.py:225 #, fuzzy msgid "Netgroup triple attribute" msgstr "修改時間屬性" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:226 #, fuzzy msgid "Netgroup UUID attribute" msgstr "UUID 屬性" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:227 #, fuzzy msgid "Modification time attribute for netgroups" msgstr "修改時間屬性" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:230 msgid "Policy to evaluate the password expiration" msgstr "評估密碼過期時效的策略" -#: src/config/SSSDConfig.py:228 +#: src/config/SSSDConfig.py:233 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:229 +#: src/config/SSSDConfig.py:234 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:235 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:238 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:239 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:237 +#: src/config/SSSDConfig.py:242 msgid "Comma separated list of allowed users" msgstr "許可的使用者清單,請使用半形逗號作為分隔" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:243 msgid "Comma separated list of prohibited users" msgstr "被禁止的使用者清單,請使用半形逗號作為分隔" -#: src/config/SSSDConfig.py:241 +#: src/config/SSSDConfig.py:246 msgid "Default shell, /bin/bash" msgstr "預設 shell,/bin/bash" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:247 #, fuzzy msgid "Base for home directories" msgstr "家目錄的基礎" -#: src/config/SSSDConfig.py:245 +#: src/config/SSSDConfig.py:250 msgid "The name of the NSS library to use" msgstr "要使用的 NSS 函式庫名稱" -#: src/config/SSSDConfig.py:248 +#: src/config/SSSDConfig.py:253 msgid "PAM stack to use" msgstr "要使用的 PAM 堆疊" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2369 msgid "Become a daemon (default)" msgstr "作為幕後程式 (預設)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2371 msgid "Run interactive (not a daemon)" msgstr "以互動方式執行 (非幕後程式)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2373 msgid "Specify a non-default config file" msgstr "指定非預設的配置檔" -#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368 +#: src/monitor/monitor.c:2375 +msgid "Print version number and exit" +msgstr "" + +#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368 #: src/util/util.h:89 msgid "Debug level" msgstr "除錯層級" -#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370 +#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "加入除錯時間戳記" -#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372 +#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374 +#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374 #, fuzzy msgid "An open file descriptor for the debug logs" msgstr "供除錯日誌使用的開啟檔案描述符" -#: src/providers/data_provider_be.c:1196 +#: src/providers/data_provider_be.c:1363 #, fuzzy msgid "Domain of the information provider (mandatory)" msgstr "資訊提供者的網域(委任)" -#: src/sss_client/common.c:821 +#: src/sss_client/common.c:839 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:824 +#: src/sss_client/common.c:842 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:827 +#: src/sss_client/common.c:845 #, fuzzy msgid "Unexpected format of the server credential message." msgstr "使用者憑證快取的位置" -#: src/sss_client/common.c:830 +#: src/sss_client/common.c:848 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:835 +#: src/sss_client/common.c:853 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:841 +#: src/sss_client/common.c:859 msgid "Unexpected error while looking for an error description" msgstr "" @@ -831,35 +852,35 @@ msgstr ",您快取的密碼將在此刻過期:" msgid "Authentication is denied until: " msgstr "離線認證,認證被定義到:" -#: src/sss_client/pam_sss.c:761 +#: src/sss_client/pam_sss.c:755 msgid "System is offline, password change not possible" msgstr "系統已離線,不可能作密碼變更" -#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804 +#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 msgid "Password change failed. " msgstr "密碼變更失敗。" -#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805 +#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 msgid "Server message: " msgstr "伺服器訊息:" -#: src/sss_client/pam_sss.c:1223 +#: src/sss_client/pam_sss.c:1217 msgid "New Password: " msgstr "新密碼:" -#: src/sss_client/pam_sss.c:1224 +#: src/sss_client/pam_sss.c:1218 msgid "Reenter new Password: " msgstr "再次輸入新密碼:" -#: src/sss_client/pam_sss.c:1310 +#: src/sss_client/pam_sss.c:1304 msgid "Password: " msgstr "密碼:" -#: src/sss_client/pam_sss.c:1342 +#: src/sss_client/pam_sss.c:1336 msgid "Current Password: " msgstr "目前的密碼:" -#: src/sss_client/pam_sss.c:1489 +#: src/sss_client/pam_sss.c:1483 msgid "Password expired. Change your password now." msgstr "密碼已過期。請立刻變更您的密碼。" @@ -977,29 +998,29 @@ msgstr "" msgid "Cannot get info about the user\n" msgstr "無法取得關於這位使用者的資訊\n" -#: src/tools/sss_useradd.c:231 +#: src/tools/sss_useradd.c:229 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "使用者的家目錄已經存在,不會從骨幹目錄複製資料\n" -#: src/tools/sss_useradd.c:234 +#: src/tools/sss_useradd.c:232 #, c-format msgid "Cannot create user's home directory: %s\n" msgstr "無法建立使用者的家目錄:%s\n" -#: src/tools/sss_useradd.c:245 +#: src/tools/sss_useradd.c:243 #, c-format msgid "Cannot create user's mail spool: %s\n" msgstr "無法建立使用者的郵件 spool:%s\n" -#: src/tools/sss_useradd.c:257 +#: src/tools/sss_useradd.c:255 msgid "Could not allocate ID for the user - domain full?\n" msgstr "無法為使用者分配 ID - 網域已滿?\n" -#: src/tools/sss_useradd.c:261 +#: src/tools/sss_useradd.c:259 msgid "A user or group with the same name or ID already exists\n" msgstr "已經存在相同名稱的使用者或群組\n" -#: src/tools/sss_useradd.c:267 +#: src/tools/sss_useradd.c:265 msgid "Transaction error. Could not add user.\n" msgstr "處理事項發生錯誤。無法加入使用者。\n" diff --git a/src/man/po/as.po b/src/man/po/as.po index 270dc37b..60a7a9ff 100644 --- a/src/man/po/as.po +++ b/src/man/po/as.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Assamese (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/bn.po b/src/man/po/bn.po index 44855b60..2e2898b1 100644 --- a/src/man/po/bn.po +++ b/src/man/po/bn.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Bengali <info@ankur.org.bd>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/bs.po b/src/man/po/bs.po index 2e87fc7b..e39fe767 100644 --- a/src/man/po/bs.po +++ b/src/man/po/bs.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Bosnian (http://www.transifex.net/projects/p/fedora/team/" @@ -107,9 +107,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -216,7 +216,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -445,8 +445,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -461,9 +461,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -798,7 +798,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -937,7 +937,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1308,6 +1308,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1317,29 +1334,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1347,19 +1364,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1367,73 +1384,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1441,17 +1458,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1460,17 +1477,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1478,17 +1495,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1496,18 +1513,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1537,7 +1554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1546,7 +1563,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1597,7 +1614,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1927,7 +1944,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1937,14 +1954,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2276,7 +2293,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2291,7 +2308,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2440,73 +2457,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2514,7 +2556,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2522,17 +2564,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2540,17 +2582,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2561,12 +2603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2574,29 +2616,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2604,13 +2665,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2618,27 +2679,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2646,7 +2715,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2654,7 +2723,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2662,41 +2731,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2705,38 +2774,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2744,90 +2813,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2835,27 +2904,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2867,7 +2936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2875,7 +2944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2883,53 +2952,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2938,7 +3007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2946,61 +3015,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3010,12 +3079,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3024,14 +3093,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3040,24 +3109,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3065,19 +3134,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3086,7 +3155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3094,7 +3163,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3103,89 +3172,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3202,74 +3271,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3277,33 +3346,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3311,7 +3380,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3319,7 +3388,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3333,18 +3402,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3353,7 +3422,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3544,7 +3613,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3672,7 +3741,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3743,32 +3812,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3778,109 +3853,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3888,17 +3963,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3907,26 +3982,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3934,7 +4127,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3944,7 +4137,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4073,30 +4266,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4104,31 +4307,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4770,7 +4973,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4787,7 +4990,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/ca.po b/src/man/po/ca.po index 152be16e..bdaf18ab 100644 --- a/src/man/po/ca.po +++ b/src/man/po/ca.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Catalan <fedora@llistes.softcatala.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/cs.po b/src/man/po/cs.po index 7912c39e..2414d52e 100644 --- a/src/man/po/cs.po +++ b/src/man/po/cs.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sss_daemon 1.2.3\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-10-25 10:46+0300\n" "Last-Translator: Automatically generated\n" "Language-Team: none\n" @@ -118,9 +118,9 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -241,7 +241,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -500,8 +500,8 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -517,9 +517,9 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -883,13 +883,12 @@ msgid "" "has been reached before a new login attempt is possible." msgstr "" -# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:513 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -1045,7 +1044,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1473,6 +1472,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1483,19 +1499,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -1503,13 +1519,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1517,7 +1533,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" @@ -1525,13 +1541,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><title> #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><para> #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1540,31 +1556,31 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." @@ -1572,18 +1588,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." @@ -1591,18 +1607,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." @@ -1610,13 +1626,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1625,19 +1641,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1647,19 +1663,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1668,19 +1684,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1689,20 +1705,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1732,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1742,7 +1758,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1798,7 +1814,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -2167,7 +2183,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -2179,7 +2195,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." @@ -2187,7 +2203,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2557,7 +2573,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2575,7 +2591,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2740,88 +2756,113 @@ msgstr "" msgid "The object class of a netgroup entry in LDAP." msgstr "" -# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2829,7 +2870,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2838,17 +2879,17 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2857,19 +2898,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2881,13 +2922,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2895,29 +2936,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2925,13 +2985,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2939,15 +2999,23 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -2955,7 +3023,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -2963,7 +3031,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2972,7 +3040,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2981,7 +3049,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2990,25 +3058,25 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -3016,7 +3084,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -3024,13 +3092,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -3039,38 +3107,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -3079,13 +3147,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." @@ -3093,13 +3161,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." @@ -3107,19 +3175,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." @@ -3127,54 +3195,54 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -3183,30 +3251,30 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -3218,7 +3286,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -3227,7 +3295,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -3236,43 +3304,43 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -3280,7 +3348,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -3288,7 +3356,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -3298,7 +3366,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3307,19 +3375,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -3327,48 +3395,48 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3379,13 +3447,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3395,7 +3463,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." @@ -3403,7 +3471,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3413,24 +3481,24 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3438,19 +3506,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3459,7 +3527,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3467,7 +3535,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3476,44 +3544,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -3521,13 +3589,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -3535,13 +3603,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -3549,7 +3617,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -3557,7 +3625,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -3565,7 +3633,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3583,25 +3651,25 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -3609,55 +3677,55 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3665,33 +3733,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3700,7 +3768,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3709,7 +3777,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3723,20 +3791,20 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3746,7 +3814,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3980,7 +4048,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -4116,7 +4184,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4187,7 +4255,6 @@ msgid "" "almost entirely self-discovered and obtained directly from the server." msgstr "" -# type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" @@ -4195,22 +4262,28 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." @@ -4218,12 +4291,12 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -4234,13 +4307,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." @@ -4248,13 +4321,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." @@ -4262,13 +4335,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." @@ -4276,34 +4349,34 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." @@ -4311,41 +4384,41 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -4353,17 +4426,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -4372,27 +4445,145 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4401,7 +4592,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4412,7 +4603,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4555,21 +4746,34 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +# type: Content of: <varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +#, fuzzy +#| msgid "<option>-h</option>,<option>--help</option>" +msgid "<option>--version</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." @@ -4577,13 +4781,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4592,13 +4796,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." @@ -4606,13 +4810,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." @@ -4620,7 +4824,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -5331,7 +5535,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -5348,7 +5552,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/de.po b/src/man/po/de.po index 08fad76a..afbbc68e 100644 --- a/src/man/po/de.po +++ b/src/man/po/de.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: German <trans-de@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/el.po b/src/man/po/el.po index d8017248..527037f6 100644 --- a/src/man/po/el.po +++ b/src/man/po/el.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Greek <trans-el@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/es.po b/src/man/po/es.po index 4a3ff94f..addbb7f7 100644 --- a/src/man/po/es.po +++ b/src/man/po/es.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2011-03-08 15:06+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: Spanish (Castilian) <None>\n" @@ -119,9 +119,9 @@ msgstr "" "<replaceable>GROUPS</replaceable>" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -256,7 +256,7 @@ msgid "The [sssd] section" msgstr "La sección [sssd]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "Parámetros de sección" @@ -520,8 +520,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -536,9 +536,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -879,7 +879,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -1018,7 +1018,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1391,6 +1391,27 @@ msgstr "reconnection_retries (entero)" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +#, fuzzy +#| msgid "try_inotify (boolean)" +msgid "case_sensitive (boolean)" +msgstr "try_inotify (booleano)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: True" +msgstr "Predeterminado: 3" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1400,29 +1421,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1430,19 +1451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1450,73 +1471,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1524,17 +1545,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1543,17 +1564,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1561,17 +1582,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1579,18 +1600,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1620,7 +1641,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1629,7 +1650,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1680,7 +1701,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -2012,7 +2033,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -2022,14 +2043,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2363,7 +2384,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2378,7 +2399,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2529,73 +2550,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2603,7 +2649,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2611,17 +2657,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2629,17 +2675,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2650,12 +2696,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2663,31 +2709,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +#, fuzzy +#| msgid "reconnection_retries (integer)" +msgid "ldap_connection_expire_timeout (integer)" +msgstr "reconnection_retries (entero)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 900 (15 minutes)" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 #, fuzzy #| msgid "Default: 3" msgid "Default: 1000" msgstr "Predeterminado: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2695,13 +2764,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2709,27 +2778,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2737,7 +2814,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2745,7 +2822,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2753,41 +2830,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2796,38 +2873,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2835,92 +2912,92 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 #, fuzzy #| msgid "Default: 3" msgid "Default: false;" msgstr "Predeterminado: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2928,27 +3005,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2960,7 +3037,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2968,7 +3045,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2976,55 +3053,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 #, fuzzy #| msgid "try_inotify (boolean)" msgid "krb5_canonicalize (boolean)" msgstr "try_inotify (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -3033,7 +3110,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3041,61 +3118,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3105,12 +3182,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3119,14 +3196,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3135,24 +3212,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3160,19 +3237,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3181,7 +3258,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3189,7 +3266,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3198,89 +3275,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3297,74 +3374,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3372,33 +3449,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3406,7 +3483,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3414,7 +3491,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3428,18 +3505,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3448,7 +3525,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3659,7 +3736,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3787,7 +3864,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3858,32 +3935,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3893,111 +3976,111 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ipa_hbac_refresh (integer)" msgstr "reconnection_retries (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -4005,19 +4088,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 #, fuzzy #| msgid "Default: 3" msgid "Default: 5 (seconds)" msgstr "Predeterminado: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -4026,28 +4109,160 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 #, fuzzy #| msgid "Default: 3" msgid "Default: DENY_ALL" msgstr "Predeterminado: 3" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: memberUser" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: memberHost" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: externalHost" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +#, fuzzy +#| msgid "full_name_format (string)" +msgid "ipa_netgroup_domain (string)" +msgstr "full_name_format (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: nisDomainName" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: ipaHost" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: fqdn" +msgstr "Predeterminado: 3" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4055,7 +4270,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4065,7 +4280,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4206,30 +4421,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4237,31 +4462,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4903,7 +5128,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4922,7 +5147,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/et.po b/src/man/po/et.po index 26ce9d51..23a175c8 100644 --- a/src/man/po/et.po +++ b/src/man/po/et.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Estonian (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/fa.po b/src/man/po/fa.po index 67f60474..bf5e80f0 100644 --- a/src/man/po/fa.po +++ b/src/man/po/fa.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Persian (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/fi.po b/src/man/po/fi.po index b20c8fde..93b85694 100644 --- a/src/man/po/fi.po +++ b/src/man/po/fi.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Finnish (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/fr.po b/src/man/po/fr.po index 5283d256..02f1184e 100644 --- a/src/man/po/fr.po +++ b/src/man/po/fr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2011-09-18 15:37+0000\n" "Last-Translator: MarbolanGos <marbolangos@gmail.com>\n" "Language-Team: French <trans-fr@lists.fedoraproject.org>\n" @@ -119,9 +119,9 @@ msgstr "" "<replaceable>GROUPS</replaceable>." #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -251,7 +251,7 @@ msgid "The [sssd] section" msgstr "La section [sssd]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "Paramètres de section" @@ -518,8 +518,8 @@ msgid "Add a timestamp to the debug messages" msgstr "Ajoute un horodatage aux messages de débogage" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "Défaut : true" @@ -538,9 +538,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "Ajoute un horodatage aux messages de débogage" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -929,10 +929,15 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:513 +#, fuzzy +#| msgid "" +#| "If set to 0 the user cannot authenticate offline if " +#| "offline_failed_login_attempts has been reached. Only a successful online " +#| "authentication can enable enable offline authentication again." msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" "Si la valeur est à 0 l'utilisateur ne peut s'authentifier en mode déconnecté " "si offline_failed_login_attempts est atteint. Seulement une connexion " @@ -1099,7 +1104,7 @@ msgstr "" "répondre." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "Défaut : 10" @@ -1554,6 +1559,27 @@ msgstr "override_gid (entier)" msgid "Override the primary GID value with the one specified." msgstr "Redéfini le GID primaire avec la valeur spécifiée." +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +#, fuzzy +#| msgid "ldap_referrals (boolean)" +msgid "case_sensitive (boolean)" +msgstr "ldap_referrals (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +#, fuzzy +#| msgid "Default: true" +msgid "Default: True" +msgstr "Défaut : true" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1567,17 +1593,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "Le proxy cible auquel PAM devient mandataire." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -1586,12 +1612,12 @@ msgstr "" "ou créer une nouvelle et ajouter le nom de service ici." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1602,7 +1628,7 @@ msgstr "" "$(libName)_$(function), par exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" @@ -1611,12 +1637,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "La section du domaine local" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1627,29 +1653,29 @@ msgstr "" "dire un domaine qui utilise <replaceable>id_provider=local</replaceable>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "default_shell (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" "Le shell par défaut pour les utilisateurs créés avec les outils de l'espace " "utilisateur SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "Par défaut : <filename>/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "base_directory (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." @@ -1658,17 +1684,17 @@ msgstr "" "replaceable> et l'utilise comme dossier maison." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "Par défaut : <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "create_homedir (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." @@ -1677,17 +1703,17 @@ msgstr "" "utilisateurs. Peut être outrepassé par la ligne de commande." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "Par défaut : TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "remove_homedir (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." @@ -1696,12 +1722,12 @@ msgstr "" "des utilisateurs. Peut être outrepassé par la ligne de commande." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "homedir_umask (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1712,17 +1738,17 @@ msgstr "" "défaut sur un répertoire maison nouvellement créé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "Par défaut : 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "skel_dir (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1735,17 +1761,17 @@ msgstr "" "manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "Par défaut : <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "mail_dir (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1756,17 +1782,17 @@ msgstr "" "par défaut est utilisée." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "Par défaut : <filename>/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "userdel_cmd (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1777,18 +1803,18 @@ msgstr "" "commande n'est pas pris en compte." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "Par défaut : aucune commande lancée" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "EXEMPLE" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1842,7 +1868,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1855,7 +1881,7 @@ msgstr "" "\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1933,7 +1959,7 @@ msgstr "" "en tant que fournisseur d'accès." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "OPTIONS DE CONFIGURATION" @@ -2315,7 +2341,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -2325,14 +2351,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2664,7 +2690,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2679,7 +2705,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2828,73 +2854,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2902,7 +2953,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2910,17 +2961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2928,17 +2979,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2949,12 +3000,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2962,29 +3013,52 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +#, fuzzy +#| msgid "reconnection_retries (integer)" +msgid "ldap_connection_expire_timeout (integer)" +msgstr "reconnection_retries (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +#, fuzzy +#| msgid "Default: 0 (No limit)" +msgid "Default: 900 (15 minutes)" +msgstr "Défaut : 0 (pas de limite)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2992,13 +3066,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -3006,27 +3080,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -3034,7 +3116,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -3042,7 +3124,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -3050,41 +3132,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -3093,38 +3175,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -3132,94 +3214,94 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 #, fuzzy #| msgid "ldap_referrals (boolean)" msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_referrals (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 #, fuzzy #| msgid "Default: filter" msgid "Default: false;" msgstr "Défaut : filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -3227,27 +3309,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 #, fuzzy #| msgid "" #| "Specifies the comma-separated list of URIs of the LDAP servers to which " @@ -3272,7 +3354,7 @@ msgstr "" "d'informations." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -3280,7 +3362,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -3288,55 +3370,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 #, fuzzy #| msgid "ldap_referrals (boolean)" msgid "krb5_canonicalize (boolean)" msgstr "ldap_referrals (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -3345,7 +3427,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3353,61 +3435,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "Défaut : ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3417,12 +3499,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "Exemple:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3431,14 +3513,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3447,24 +3529,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "Défaut : vide" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3472,19 +3554,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3493,7 +3575,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3501,7 +3583,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3510,89 +3592,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "ldap_access_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "Défaut : filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "ldap_deref (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3609,74 +3691,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "OPTIONS AVANCÉES" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "ldap_user_search_filter (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3684,33 +3766,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "ldap_group_search_filter (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3718,7 +3800,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3726,7 +3808,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3740,18 +3822,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "NOTES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3760,7 +3842,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3973,7 +4055,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -4105,7 +4187,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4171,37 +4253,56 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 +#, fuzzy +#| msgid "" +#| "This manual page describes the configuration of LDAP domains for " +#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" +#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> " +#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " +#| "information." msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" +"Ce manuel décrit la configuration des domaines LDAP pour <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>. Se référer à la section <quote>FILE FORMAT</quote> du manuel " +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour des informations sur la syntaxe détaillée." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "ipa_domain (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "ipa_server (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 #, fuzzy #| msgid "" #| "Specifies the comma-separated list of URIs of the LDAP servers to which " @@ -4224,109 +4325,109 @@ msgstr "" "d'informations." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "ipa_hostname (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "ipa_dyndns_update (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "ipa_dyndns_iface (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "krb5_validate (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -4334,17 +4435,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "Défaut : 5 (secondes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "ipa_hbac_treat_deny_as (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -4353,26 +4454,178 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "Défaut : DENY_ALL" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +#, fuzzy +#| msgid "ldap_netgroup_search_base (string)" +msgid "ipa_netgroup_member_of (string)" +msgstr "ldap_netgroup_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +#, fuzzy +#| msgid "ldap_netgroup_search_base (string)" +msgid "ipa_netgroup_member_user (string)" +msgstr "ldap_netgroup_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +#, fuzzy +#| msgid "Default: uidNumber" +msgid "Default: memberUser" +msgstr "par défaut : uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +#, fuzzy +#| msgid "ldap_netgroup_search_base (string)" +msgid "ipa_netgroup_member_host (string)" +msgstr "ldap_netgroup_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +#, fuzzy +#| msgid "Default: root" +msgid "Default: memberHost" +msgstr "Défaut : root" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +#, fuzzy +#| msgid "ldap_netgroup_search_base (string)" +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "ldap_netgroup_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +#, fuzzy +#| msgid "Default: root" +msgid "Default: externalHost" +msgstr "Défaut : root" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +#, fuzzy +#| msgid "ipa_domain (string)" +msgid "ipa_netgroup_domain (string)" +msgstr "ipa_domain (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +#, fuzzy +#| msgid "Default: uidNumber" +msgid "Default: nisDomainName" +msgstr "par défaut : uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ipa_host_object_class (string)" +msgstr "ldap_user_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +#, fuzzy +#| msgid "The object class of a user entry in LDAP." +msgid "The object class of a host entry in LDAP." +msgstr "La classe objet d'une entrée utilisateur dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +#, fuzzy +#| msgid "Default: root" +msgid "Default: ipaHost" +msgstr "Défaut : root" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +#, fuzzy +#| msgid "ipa_hostname (string)" +msgid "ipa_host_fqdn (string)" +msgstr "ipa_hostname (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +#, fuzzy +#| msgid "Default: uid" +msgid "Default: fqdn" +msgstr "Par défaut : uid" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4380,7 +4633,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4390,7 +4643,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4539,30 +4792,42 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +#, fuzzy +#| msgid "<option>retry=N</option>" +msgid "<option>--version</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "Signaux" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "SIGTERM/SIGINT" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "SIGHUP" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4570,31 +4835,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "SIGUSR1" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "SIGUSR2" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -5236,7 +5501,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -5253,7 +5518,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/hu.po b/src/man/po/hu.po index 3a3f429a..60f5c68e 100644 --- a/src/man/po/hu.po +++ b/src/man/po/hu.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Hungarian <trans-hu@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/id.po b/src/man/po/id.po index 0e2ce209..ed8db9a6 100644 --- a/src/man/po/id.po +++ b/src/man/po/id.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Indonesian <trans-id@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/it.po b/src/man/po/it.po index 8cf94977..f30a282b 100644 --- a/src/man/po/it.po +++ b/src/man/po/it.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Italian <trans-it@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/ja.po b/src/man/po/ja.po index 396490dd..86d69c15 100644 --- a/src/man/po/ja.po +++ b/src/man/po/ja.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Japanese <trans-ja@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/ja_JP.po b/src/man/po/ja_JP.po index 6864e09d..afed02c4 100644 --- a/src/man/po/ja_JP.po +++ b/src/man/po/ja_JP.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/ko.po b/src/man/po/ko.po index 53d9dc5c..d075271f 100644 --- a/src/man/po/ko.po +++ b/src/man/po/ko.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Korean (http://www.transifex.net/projects/p/fedora/team/ko/)\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/lt.po b/src/man/po/lt.po index 0a6d3681..9929b4ef 100644 --- a/src/man/po/lt.po +++ b/src/man/po/lt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Lithuanian (http://www.transifex.net/projects/p/fedora/team/" @@ -107,9 +107,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -216,7 +216,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -445,8 +445,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -461,9 +461,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -798,7 +798,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -937,7 +937,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1308,6 +1308,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1317,29 +1334,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1347,19 +1364,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1367,73 +1384,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1441,17 +1458,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1460,17 +1477,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1478,17 +1495,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1496,18 +1513,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1537,7 +1554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1546,7 +1563,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1597,7 +1614,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1927,7 +1944,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1937,14 +1954,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2276,7 +2293,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2291,7 +2308,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2440,73 +2457,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2514,7 +2556,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2522,17 +2564,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2540,17 +2582,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2561,12 +2603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2574,29 +2616,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2604,13 +2665,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2618,27 +2679,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2646,7 +2715,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2654,7 +2723,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2662,41 +2731,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2705,38 +2774,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2744,90 +2813,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2835,27 +2904,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2867,7 +2936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2875,7 +2944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2883,53 +2952,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2938,7 +3007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2946,61 +3015,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3010,12 +3079,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3024,14 +3093,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3040,24 +3109,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3065,19 +3134,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3086,7 +3155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3094,7 +3163,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3103,89 +3172,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3202,74 +3271,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3277,33 +3346,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3311,7 +3380,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3319,7 +3388,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3333,18 +3402,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3353,7 +3422,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3544,7 +3613,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3672,7 +3741,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3743,32 +3812,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3778,109 +3853,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3888,17 +3963,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3907,26 +3982,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3934,7 +4127,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3944,7 +4137,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4073,30 +4266,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4104,31 +4307,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4770,7 +4973,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4787,7 +4990,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/nb.po b/src/man/po/nb.po index acc9efa2..b3f597c5 100644 --- a/src/man/po/nb.po +++ b/src/man/po/nb.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/nl.po b/src/man/po/nl.po index d2bfaded..f30d3a77 100644 --- a/src/man/po/nl.po +++ b/src/man/po/nl.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2011-03-08 15:06+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -119,9 +119,9 @@ msgstr "" "replaceable> parameter." #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -254,7 +254,7 @@ msgid "The [sssd] section" msgstr "De [sssd] sectie" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "Sectie parameters" @@ -516,8 +516,8 @@ msgid "Add a timestamp to the debug messages" msgstr "Voeg een tijdstempel toe aan de debugberichten" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "Standaard: true" @@ -536,9 +536,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "Voeg een tijdstempel toe aan de debugberichten" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -883,7 +883,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -1022,7 +1022,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1395,6 +1395,27 @@ msgstr "reconnection_retries (numeriek)" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +#, fuzzy +#| msgid "try_inotify (boolean)" +msgid "case_sensitive (boolean)" +msgstr "try_inotify (bool)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +#, fuzzy +#| msgid "Default: true" +msgid "Default: True" +msgstr "Standaard: true" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1404,29 +1425,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1434,19 +1455,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1454,73 +1475,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1528,17 +1549,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1547,17 +1568,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1565,17 +1586,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1583,18 +1604,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1624,7 +1645,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1633,7 +1654,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1684,7 +1705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -2016,7 +2037,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -2026,14 +2047,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2367,7 +2388,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2382,7 +2403,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2533,73 +2554,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2607,7 +2653,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2615,17 +2661,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2633,17 +2679,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2654,12 +2700,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2667,35 +2713,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +#, fuzzy +#| msgid "reconnection_retries (integer)" +msgid "ldap_connection_expire_timeout (integer)" +msgstr "reconnection_retries (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 900 (15 minutes)" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_page_size (integer)" msgstr "debug_level (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 #, fuzzy #| msgid "Default: 120" msgid "Default: 1000" msgstr "Standaard: 120" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_deref_threshold (integer)" msgstr "debug_level (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2703,13 +2772,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2717,27 +2786,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2745,7 +2822,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2753,7 +2830,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2761,41 +2838,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2804,38 +2881,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2843,92 +2920,92 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 #, fuzzy #| msgid "Default: 3" msgid "Default: false;" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2936,27 +3013,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2968,7 +3045,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2976,7 +3053,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2984,55 +3061,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 #, fuzzy #| msgid "try_inotify (boolean)" msgid "krb5_canonicalize (boolean)" msgstr "try_inotify (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -3041,7 +3118,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3049,61 +3126,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3113,12 +3190,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3127,14 +3204,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3143,24 +3220,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3168,19 +3245,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3189,7 +3266,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3197,7 +3274,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3206,89 +3283,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3305,74 +3382,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3380,33 +3457,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3414,7 +3491,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3422,7 +3499,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3436,18 +3513,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3456,7 +3533,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3667,7 +3744,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3795,7 +3872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3866,32 +3943,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3901,111 +3984,111 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ipa_hbac_refresh (integer)" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -4013,19 +4096,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 #, fuzzy #| msgid "Default: 3" msgid "Default: 5 (seconds)" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -4034,28 +4117,160 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 #, fuzzy #| msgid "Default: 3" msgid "Default: DENY_ALL" msgstr "Standaard: 3" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +#, fuzzy +#| msgid "Default: true" +msgid "Default: memberUser" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: memberHost" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: externalHost" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +#, fuzzy +#| msgid "full_name_format (string)" +msgid "ipa_netgroup_domain (string)" +msgstr "full_name_format (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: nisDomainName" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: ipaHost" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: fqdn" +msgstr "Standaard: 3" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4063,7 +4278,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4073,7 +4288,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4218,30 +4433,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4249,31 +4474,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4915,7 +5140,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4934,7 +5159,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/nn.po b/src/man/po/nn.po index 1b06dae9..d0c693f4 100644 --- a/src/man/po/nn.po +++ b/src/man/po/nn.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Norwegian Nynorsk <i18n-nn@lister.ping.uio.no>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/pl.po b/src/man/po/pl.po index 980ba829..c4d083e0 100644 --- a/src/man/po/pl.po +++ b/src/man/po/pl.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2011-03-08 15:06+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: Polish <None>\n" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/pt.po b/src/man/po/pt.po index 6e8973d8..3dbe4413 100644 --- a/src/man/po/pt.po +++ b/src/man/po/pt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po index 80ce62ea..91868952 100644 --- a/src/man/po/pt_BR.po +++ b/src/man/po/pt_BR.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Portuguese (Brazilian) <trans-pt_br@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/ru.po b/src/man/po/ru.po index ba188980..0a45233d 100644 --- a/src/man/po/ru.po +++ b/src/man/po/ru.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/sk.po b/src/man/po/sk.po index da902a41..73863205 100644 --- a/src/man/po/sk.po +++ b/src/man/po/sk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Slovak (http://www.transifex.net/projects/p/fedora/team/sk/)\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/sq.po b/src/man/po/sq.po index 1c866a96..3d0d15e9 100644 --- a/src/man/po/sq.po +++ b/src/man/po/sq.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Albanian (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/sr.po b/src/man/po/sr.po index a59a6f80..7d28658b 100644 --- a/src/man/po/sr.po +++ b/src/man/po/sr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Serbian <trans-sr@lists.fedoraproject.org>\n" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot index 4905c898..87c70b9e 100644 --- a/src/man/po/sssd-docs.pot +++ b/src/man/po/sssd-docs.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 1.7.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -93,7 +93,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138 msgid "SEE ALSO" msgstr "" @@ -200,7 +200,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -428,7 +428,7 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -443,7 +443,7 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -778,7 +778,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -918,7 +918,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1289,6 +1289,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1299,29 +1316,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1329,19 +1346,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1349,73 +1366,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1423,17 +1440,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1442,17 +1459,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1460,17 +1477,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1478,17 +1495,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1518,7 +1535,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1527,7 +1544,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> " @@ -1584,7 +1601,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 sssd-krb5.5.xml:63 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1912,7 +1929,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1922,14 +1939,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2262,7 +2279,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2277,7 +2294,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2426,71 +2443,96 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2498,7 +2540,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2506,17 +2548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2524,17 +2566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " @@ -2545,12 +2587,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2558,29 +2600,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value " +"vs. the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single " "request. Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2588,12 +2649,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2601,27 +2662,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2629,7 +2698,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2637,7 +2706,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2645,41 +2714,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in " "<filename>/etc/openldap/ldap.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2688,37 +2757,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2726,90 +2795,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem " "class=\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2817,27 +2886,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of " @@ -2849,7 +2918,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2857,7 +2926,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of " "SSSD. While the legacy name is recognized for the time being, users are " @@ -2866,53 +2935,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client " "side. The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use " "<citerefentry><refentrytitle>shadow</refentrytitle> " @@ -2922,7 +2991,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2930,61 +2999,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -2994,12 +3063,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3008,14 +3077,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3024,24 +3093,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3049,19 +3118,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3070,7 +3139,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, " "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check " @@ -3078,7 +3147,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3087,89 +3156,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3186,73 +3255,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = " @@ -3261,33 +3330,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3295,7 +3364,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3303,7 +3372,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3317,17 +3386,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 sssd-krb5.5.xml:441 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3336,7 +3405,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> " "<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " @@ -3533,7 +3602,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3663,7 +3732,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " @@ -3737,33 +3806,39 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> identity provider and the <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " -"</citerefentry> authentication provider. However, it is neither necessary " -"nor recommended to set these options. IPA provider can also be used as an " -"access and chpass provider. As an access provider it uses HBAC (host-based " -"access control) rules. Please refer to freeipa.org for more information " -"about HBAC. No configuration of access provider is required on the client " -"side." +"</citerefentry> authentication provider with some exceptions described " +"below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3774,109 +3849,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -3884,17 +3959,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3903,26 +3978,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and " "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " @@ -3930,7 +4123,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3940,7 +4133,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> " "<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " @@ -4071,30 +4264,40 @@ msgid "" "</citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> " "<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " @@ -4774,7 +4977,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4791,7 +4994,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/ta.po b/src/man/po/ta.po index 21a875df..f59d94b4 100644 --- a/src/man/po/ta.po +++ b/src/man/po/ta.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Tamil <tamil-users@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/tr.po b/src/man/po/tr.po index a309f2e7..135811a7 100644 --- a/src/man/po/tr.po +++ b/src/man/po/tr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Turkish (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/uk.po b/src/man/po/uk.po index fc82c1bb..3a6ec1fa 100644 --- a/src/man/po/uk.po +++ b/src/man/po/uk.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 1.5.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2011-01-25 20:56+0200\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian <translation@linux.org.ua>\n" @@ -132,9 +132,9 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -282,7 +282,7 @@ msgstr "Розділ [sssd]" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "Параметри розділу" @@ -591,8 +591,8 @@ msgstr "Додати часову позначку до діагностични # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "Типове значення: true" @@ -614,9 +614,9 @@ msgstr "Додати часову позначку до діагностични # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "Типове значення: false" @@ -1017,13 +1017,12 @@ msgid "" "has been reached before a new login attempt is possible." msgstr "" -# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:513 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -1183,7 +1182,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "Типове значення: 10" @@ -1647,6 +1646,29 @@ msgstr "min_id,max_id (ціле значення)" msgid "Override the primary GID value with the one specified." msgstr "" +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +#, fuzzy +#| msgid "ldap_krb5_init_creds (boolean)" +msgid "case_sensitive (boolean)" +msgstr "ldap_krb5_init_creds (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +#, fuzzy +#| msgid "Default: true" +msgid "Default: True" +msgstr "Типове значення: true" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1657,19 +1679,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "Комп’ютер, для якого виконує проксі-сервер PAM." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -1677,13 +1699,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1691,7 +1713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" @@ -1701,13 +1723,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><title> #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "Розділ локального домену" # type: Content of: <reference><refentry><refsect1><refsect2><para> #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1716,13 +1738,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "default_shell (рядок)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" "Типова оболонка для записів користувачів, створених за допомогою " @@ -1730,19 +1752,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "Типове значення: <filename>/bin/bash</filename>" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "base_directory (рядок)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." @@ -1750,18 +1772,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "Типове значення: <filename>/home</filename>" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "create_homedir (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." @@ -1769,18 +1791,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "Типове значення: TRUE" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "remove_homedir (булівське значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." @@ -1788,13 +1810,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "homedir_umask (ціле число)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1806,19 +1828,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "Типове значення: 077" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "skel_dir (рядок)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1828,19 +1850,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "Типове значення: <filename>/etc/skel</filename>" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "mail_dir (рядок)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1849,19 +1871,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "Типове значення: <filename>/var/mail</filename>" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "userdel_cmd (рядок)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1870,20 +1892,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "Типове значення: None, не виконувати жодних команд" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "ПРИКЛАД" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1937,7 +1959,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1947,7 +1969,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -2017,7 +2039,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ" @@ -2401,7 +2423,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "Типове значення: nsUniqueId" @@ -2413,7 +2435,7 @@ msgstr "ldap_user_modify_timestamp (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." @@ -2421,7 +2443,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "Типове значення: modifyTimestamp" @@ -2812,7 +2834,7 @@ msgstr "Атрибут LDAP, що відповідає повному імені # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "Типове значення: cn" @@ -2830,7 +2852,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "Типове значення: memberOf" @@ -3002,88 +3024,113 @@ msgstr "ldap_netgroup_object_class (рядок)" msgid "The object class of a netgroup entry in LDAP." msgstr "" -# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "Типове значення: nisNetgroup" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "ldap_netgroup_name (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "ldap_netgroup_member (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "Типове значення: memberNisNetgroup" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "ldap_netgroup_triple (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "Типове значення: nisNetgroupTriple" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "ldap_netgroup_uuid (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "ldap_netgroup_modify_timestamp (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -3091,7 +3138,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -3100,18 +3147,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "Типове значення: 6" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -3120,19 +3167,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "Типове значення: 60" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -3144,13 +3191,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -3159,14 +3206,39 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_connection_expire_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +#, fuzzy +#| msgid "Default: 0 (No limit)" +msgid "Default: 900 (15 minutes)" +msgstr "Типове значення: 0 (без обмежень)" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_page_size (integer)" msgstr "ldap_opt_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -3174,7 +3246,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 #, fuzzy #| msgid "Default: 10" msgid "Default: 1000" @@ -3182,14 +3254,14 @@ msgstr "Типове значення: 10" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_deref_threshold (integer)" msgstr "ldap_search_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -3197,13 +3269,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -3211,15 +3283,23 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -3227,7 +3307,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -3235,7 +3315,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -3244,7 +3324,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -3253,7 +3333,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -3262,25 +3342,25 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "Типове значення: hard" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -3288,7 +3368,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -3296,13 +3376,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -3312,42 +3392,42 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "Типове значення: not set" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (рядок)" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -3356,13 +3436,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." @@ -3370,13 +3450,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." @@ -3384,19 +3464,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "Типове значення: none" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." @@ -3404,20 +3484,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "Типове значення: вузол/комп’ютер.fqdn@ОБЛАСТЬ" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 #, fuzzy #| msgid "ldap_krb5_init_creds (boolean)" msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_krb5_init_creds (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -3425,7 +3505,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 #, fuzzy #| msgid "Default: false" msgid "Default: false;" @@ -3433,31 +3513,31 @@ msgstr "Типове значення: false" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -3466,30 +3546,30 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "Типове значення: 86400 (24 години)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "krb5_server (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -3501,7 +3581,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -3510,7 +3590,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -3519,19 +3599,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</" @@ -3539,28 +3619,28 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 #, fuzzy #| msgid "ldap_krb5_init_creds (boolean)" msgid "krb5_canonicalize (boolean)" msgstr "ldap_krb5_init_creds (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -3568,7 +3648,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -3576,7 +3656,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -3586,7 +3666,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3595,19 +3675,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -3615,49 +3695,49 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "Типове значення: ldap" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3668,13 +3748,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "Приклад:" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3687,7 +3767,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." @@ -3695,7 +3775,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3705,25 +3785,25 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "Типове значення: порожній рядок" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3731,19 +3811,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "Можна використовувати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3752,7 +3832,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3760,7 +3840,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3770,12 +3850,12 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "ldap_access_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Список відокремлених комами параметрів керування доступом. Можливі значення " @@ -3783,18 +3863,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -3803,7 +3883,7 @@ msgstr "" "можливості доступу атрибут authorizedService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 #, fuzzy #| msgid "" #| "<emphasis>authorized_service</emphasis>: use the authorizedService " @@ -3815,12 +3895,12 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "Типове значення: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -3828,13 +3908,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "ldap_deref (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -3842,13 +3922,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -3856,7 +3936,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -3864,7 +3944,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -3872,7 +3952,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3890,25 +3970,25 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "ДОДАТКОВІ ПАРАМЕТРИ" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -3916,58 +3996,58 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 #, fuzzy #| msgid "ldap_user_search_base (string)" msgid "ldap_user_search_filter (string)" msgstr "ldap_user_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3975,7 +4055,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." @@ -3983,28 +4063,28 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 #, fuzzy #| msgid "ldap_group_search_base (string)" msgid "ldap_group_search_filter (string)" msgstr "ldap_group_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -4013,7 +4093,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -4022,7 +4102,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -4044,20 +4124,20 @@ msgstr "" " enumerate = true\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "ЗАУВАЖЕННЯ" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -4067,7 +4147,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -4323,7 +4403,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -4466,7 +4546,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4546,27 +4626,41 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 +#, fuzzy +#| msgid "" +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</" +#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>" msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "ipa_domain (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." @@ -4574,12 +4668,12 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "ipa_server (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -4590,13 +4684,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "ipa_hostname (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." @@ -4604,13 +4698,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "ipa_dyndns_update (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." @@ -4618,13 +4712,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "ipa_dyndns_iface (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." @@ -4632,36 +4726,36 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "Типове значення: використання базової назви домену" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "krb5_validate (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." @@ -4669,44 +4763,44 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 #, fuzzy #| msgid "ipa_hbac_search_base (string)" msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -4715,7 +4809,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 #, fuzzy #| msgid "Default: gecos" msgid "Default: 5 (seconds)" @@ -4723,14 +4817,14 @@ msgstr "Типове значення: gecos" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 #, fuzzy #| msgid "ipa_hbac_search_base (string)" msgid "ipa_hbac_treat_deny_as (string)" msgstr "ipa_hbac_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -4739,14 +4833,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." @@ -4754,15 +4848,190 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 #, fuzzy #| msgid "Default: FALSE" msgid "Default: DENY_ALL" msgstr "Типове значення: FALSE" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +#, fuzzy +#| msgid "ldap_netgroup_member (string)" +msgid "ipa_netgroup_member_of (string)" +msgstr "ldap_netgroup_member (рядок)" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the group's id." +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "Атрибут LDAP, що відповідає ідентифікатору групи." + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +#, fuzzy +#| msgid "ldap_netgroup_member (string)" +msgid "ipa_netgroup_member_user (string)" +msgstr "ldap_netgroup_member (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +#, fuzzy +#| msgid "Default: memberOf" +msgid "Default: memberUser" +msgstr "Типове значення: memberOf" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +#, fuzzy +#| msgid "ldap_netgroup_member (string)" +msgid "ipa_netgroup_member_host (string)" +msgstr "ldap_netgroup_member (рядок)" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the name of the user's home directory." +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача." + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +#, fuzzy +#| msgid "Default: memberOf" +msgid "Default: memberHost" +msgstr "Типове значення: memberOf" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +#, fuzzy +#| msgid "ldap_netgroup_member (string)" +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "ldap_netgroup_member (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +#, fuzzy +#| msgid "Default: root" +msgid "Default: externalHost" +msgstr "Типове значення: root" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +#, fuzzy +#| msgid "ipa_domain (string)" +msgid "ipa_netgroup_domain (string)" +msgstr "ipa_domain (рядок)" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the name of the user's home directory." +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача." + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +#, fuzzy +#| msgid "Default: none" +msgid "Default: nisDomainName" +msgstr "Типове значення: none" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ipa_host_object_class (string)" +msgstr "ldap_user_object_class (рядок)" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +#, fuzzy +#| msgid "The object class of a user entry in LDAP." +msgid "The object class of a host entry in LDAP." +msgstr "Клас об’єктів запису користувача у LDAP." + +# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +#, fuzzy +#| msgid "Default: root" +msgid "Default: ipaHost" +msgstr "Типове значення: root" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +#, fuzzy +#| msgid "ipa_hostname (string)" +msgid "ipa_host_fqdn (string)" +msgstr "ipa_hostname (рядок)" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the name of the user's home directory." +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача." + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: fqdn" +msgstr "Типове значення: cn" + # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4771,7 +5040,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4786,7 +5055,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4964,21 +5233,34 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +#, fuzzy +#| msgid "<option>retry=N</option>" +msgid "<option>--version</option>" +msgstr "<option>retry=N</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "Сигнали" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "SIGTERM/SIGINT" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." @@ -4986,13 +5268,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "SIGHUP" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -5001,13 +5283,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "SIGUSR1" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." @@ -5015,13 +5297,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "SIGUSR2" # type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." @@ -5029,7 +5311,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -5802,7 +6084,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -5822,7 +6104,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/ur.po b/src/man/po/ur.po index 46590472..dd0f188c 100644 --- a/src/man/po/ur.po +++ b/src/man/po/ur.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Urdu <trans-urdu@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/vi.po b/src/man/po/vi.po index b1e8a93d..8be8c3ab 100644 --- a/src/man/po/vi.po +++ b/src/man/po/vi.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Vietnamese (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po index f682ca71..e11a35f3 100644 --- a/src/man/po/zh_CN.po +++ b/src/man/po/zh_CN.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Chinese (China) (http://www.transifex.net/projects/p/fedora/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -797,7 +797,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -936,7 +936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1307,6 +1307,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1316,29 +1333,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1383,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1457,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1476,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1494,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,18 +1512,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1536,7 +1553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1545,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1596,7 +1613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2439,73 +2456,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2513,7 +2555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2521,17 +2563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2539,17 +2581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2560,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2573,29 +2615,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2603,13 +2664,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2617,27 +2678,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2645,7 +2714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2653,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2661,41 +2730,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2704,38 +2773,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2743,90 +2812,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2834,27 +2903,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2866,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2874,7 +2943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2882,53 +2951,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2937,7 +3006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2945,61 +3014,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3009,12 +3078,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3023,14 +3092,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3039,24 +3108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3064,19 +3133,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3085,7 +3154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3093,7 +3162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3102,89 +3171,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3201,74 +3270,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3276,33 +3345,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3310,7 +3379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3318,7 +3387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3332,18 +3401,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3352,7 +3421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3543,7 +3612,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3671,7 +3740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3742,32 +3811,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3777,109 +3852,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3887,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3906,26 +3981,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3933,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3943,7 +4136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4072,30 +4265,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4103,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4769,7 +4972,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4786,7 +4989,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" diff --git a/src/man/po/zh_TW.po b/src/man/po/zh_TW.po index 2f269227..790a4e5b 100644 --- a/src/man/po/zh_TW.po +++ b/src/man/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-11-02 16:02-0300\n" +"POT-Creation-Date: 2011-12-19 11:14-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Chinese (Taiwan) <trans-zh_TW@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:978 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 msgid "Section parameters" msgstr "" @@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 -#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190 +#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 +#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 msgid "Default: true" msgstr "" @@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 -#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 -#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 +#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" @@ -796,7 +796,7 @@ msgstr "" msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " -"authentication can enable enable offline authentication again." +"authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -935,7 +935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981 +#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 msgid "Default: 10" msgstr "" @@ -1306,6 +1306,23 @@ msgstr "" msgid "Override the primary GID value with the one specified." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:936 +msgid "case_sensitive (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:939 +msgid "" +"Treat user and group names as case sensitive. At the moment, this option is " +"not supported in the local provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:944 +msgid "Default: True" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:601 msgid "" @@ -1315,29 +1332,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:942 +#: sssd.conf.5.xml:956 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:959 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:948 +#: sssd.conf.5.xml:962 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:970 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:973 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1345,19 +1362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:938 +#: sssd.conf.5.xml:952 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:985 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:987 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1365,73 +1382,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:980 +#: sssd.conf.5.xml:994 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:997 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1001 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1006 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1009 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1000 +#: sssd.conf.5.xml:1014 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1005 +#: sssd.conf.5.xml:1019 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1022 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1017 +#: sssd.conf.5.xml:1031 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1020 +#: sssd.conf.5.xml:1034 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1029 +#: sssd.conf.5.xml:1043 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1032 +#: sssd.conf.5.xml:1046 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1439,17 +1456,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1054 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1059 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1048 +#: sssd.conf.5.xml:1062 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1458,17 +1475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1058 +#: sssd.conf.5.xml:1072 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1063 +#: sssd.conf.5.xml:1077 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1080 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1476,17 +1493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1073 +#: sssd.conf.5.xml:1087 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1078 +#: sssd.conf.5.xml:1092 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1081 +#: sssd.conf.5.xml:1095 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1494,18 +1511,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1101 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1117 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1099 +#: sssd.conf.5.xml:1113 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1561,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1134 +#: sssd.conf.5.xml:1148 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1595,7 +1612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 msgid "Default: nsUniqueId" msgstr "" @@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 msgid "Default: modifyTimestamp" msgstr "" @@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 msgid "Default: cn" msgstr "" @@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 +#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 msgid "Default: memberOf" msgstr "" @@ -2438,73 +2455,98 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:797 +msgid "In IPA provider, ipa_netgroup_object_class should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:801 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:807 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:806 +#: sssd-ldap.5.xml:810 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:814 +msgid "In IPA provider, ipa_netgroup_name should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:824 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:819 +#: sssd-ldap.5.xml:827 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:823 +#: sssd-ldap.5.xml:831 +msgid "In IPA provider, ipa_netgroup_member should be used instead." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:835 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:829 +#: sssd-ldap.5.xml:841 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:844 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +msgid "This option is not available in IPA provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:851 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:842 +#: sssd-ldap.5.xml:857 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:845 +#: sssd-ldap.5.xml:860 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 +msgid "In IPA provider, ipa_netgroup_uuid should be used instead." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:855 +#: sssd-ldap.5.xml:874 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:890 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:893 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2512,7 +2554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:899 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2520,17 +2562,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940 +#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:911 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:892 +#: sssd-ldap.5.xml:914 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2538,17 +2580,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:921 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:927 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:908 +#: sssd-ldap.5.xml:930 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2559,12 +2601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:931 +#: sssd-ldap.5.xml:953 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:956 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2572,29 +2614,48 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:946 +#: sssd-ldap.5.xml:968 +msgid "ldap_connection_expire_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:971 +msgid "" +"Specifies a timeout (in seconds) that a connection to an LDAP server will be " +"maintained. After this time, the connection will be re-established. If used " +"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " +"the TGT lifetime) will be used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "Default: 900 (15 minutes)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:985 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:949 +#: sssd-ldap.5.xml:988 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:993 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:960 +#: sssd-ldap.5.xml:999 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:1002 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2602,13 +2663,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:969 +#: sssd-ldap.5.xml:1008 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:973 +#: sssd-ldap.5.xml:1012 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2616,27 +2677,35 @@ msgid "" "Directory." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1020 +msgid "" +"<emphasis>Note:</emphasis> If any of the search bases specifies a search " +"filter, then the dereference lookup performance enhancement will be disabled " +"regardless of this setting." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:987 +#: sssd-ldap.5.xml:1033 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:990 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:996 +#: sssd-ldap.5.xml:1042 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1046 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2644,7 +2713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1007 +#: sssd-ldap.5.xml:1053 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2652,7 +2721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1059 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2660,41 +2729,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1065 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1023 +#: sssd-ldap.5.xml:1069 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1029 +#: sssd-ldap.5.xml:1075 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1078 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096 +#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1090 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1093 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2703,38 +2772,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1108 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1111 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 -#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 +#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1121 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1124 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1133 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1136 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2742,90 +2811,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1149 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1106 +#: sssd-ldap.5.xml:1152 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1162 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:1165 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1129 +#: sssd-ldap.5.xml:1175 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1178 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1183 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1143 +#: sssd-ldap.5.xml:1189 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1146 +#: sssd-ldap.5.xml:1192 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1197 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1203 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1206 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1163 +#: sssd-ldap.5.xml:1209 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1215 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1172 +#: sssd-ldap.5.xml:1218 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2833,27 +2902,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1184 +#: sssd-ldap.5.xml:1230 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1187 +#: sssd-ldap.5.xml:1233 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1237 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2865,7 +2934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2873,7 +2942,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2881,53 +2950,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1275 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1232 +#: sssd-ldap.5.xml:1278 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1241 +#: sssd-ldap.5.xml:1287 msgid "" -"Specifies if the host pricipal should be canonicalized when connecting to " +"Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1253 +#: sssd-ldap.5.xml:1299 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1302 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1261 +#: sssd-ldap.5.xml:1307 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1266 +#: sssd-ldap.5.xml:1312 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2936,7 +3005,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1274 +#: sssd-ldap.5.xml:1320 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2944,61 +3013,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1332 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1335 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1293 +#: sssd-ldap.5.xml:1339 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1304 +#: sssd-ldap.5.xml:1350 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1353 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1311 +#: sssd-ldap.5.xml:1357 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1363 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1366 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1371 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1331 +#: sssd-ldap.5.xml:1377 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1380 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3008,12 +3077,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1347 +#: sssd-ldap.5.xml:1393 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3022,14 +3091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1397 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1356 +#: sssd-ldap.5.xml:1402 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3038,24 +3107,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1416 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1419 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1423 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3063,19 +3132,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1384 +#: sssd-ldap.5.xml:1430 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1387 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1392 +#: sssd-ldap.5.xml:1438 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3084,7 +3153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1445 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3092,7 +3161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1451 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3101,89 +3170,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1420 +#: sssd-ldap.5.xml:1466 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1469 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1427 +#: sssd-ldap.5.xml:1473 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1476 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1480 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1439 +#: sssd-ldap.5.xml:1485 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1489 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1492 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1453 +#: sssd-ldap.5.xml:1499 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1456 +#: sssd-ldap.5.xml:1502 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1461 +#: sssd-ldap.5.xml:1507 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1465 +#: sssd-ldap.5.xml:1511 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1470 +#: sssd-ldap.5.xml:1516 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1475 +#: sssd-ldap.5.xml:1521 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1526 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3200,74 +3269,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1538 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1545 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1548 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544 +#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1518 +#: sssd-ldap.5.xml:1564 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1567 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1583 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1586 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1556 +#: sssd-ldap.5.xml:1602 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1559 +#: sssd-ldap.5.xml:1605 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1563 +#: sssd-ldap.5.xml:1609 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1573 +#: sssd-ldap.5.xml:1619 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3275,33 +3344,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1576 +#: sssd-ldap.5.xml:1622 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1629 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1632 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1636 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1494 +#: sssd-ldap.5.xml:1540 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3309,7 +3378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1610 +#: sssd-ldap.5.xml:1656 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3317,7 +3386,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1662 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3331,18 +3400,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 +#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1677 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3351,7 +3420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1642 +#: sssd-ldap.5.xml:1688 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3542,7 +3611,7 @@ msgid "" "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " -"libraries it reads and evaluates these variable and returns them to the " +"libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" @@ -3670,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3741,32 +3810,38 @@ msgid "" "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " -"provider. However, it is neither necessary nor recommended to set these " -"options. IPA provider can also be used as an access and chpass provider. As " -"an access provider it uses HBAC (host-based access control) rules. Please " -"refer to freeipa.org for more information about HBAC. No configuration of " -"access provider is required on the client side." +"provider with some exceptions described below." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ipa.5.xml:55 +msgid "" +"However, it is neither necessary nor recommended to set these options. IPA " +"provider can also be used as an access and chpass provider. As an access " +"provider it uses HBAC (host-based access control) rules. Please refer to " +"freeipa.org for more information about HBAC. No configuration of access " +"provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:69 +#: sssd-ipa.5.xml:72 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:72 +#: sssd-ipa.5.xml:75 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:80 +#: sssd-ipa.5.xml:83 msgid "ipa_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:83 +#: sssd-ipa.5.xml:86 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " @@ -3776,109 +3851,109 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:96 +#: sssd-ipa.5.xml:99 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:99 +#: sssd-ipa.5.xml:102 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:107 +#: sssd-ipa.5.xml:110 msgid "ipa_dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:110 +#: sssd-ipa.5.xml:113 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 +#: sssd-ipa.5.xml:124 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:127 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:129 +#: sssd-ipa.5.xml:132 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 +#: sssd-ipa.5.xml:138 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:141 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:142 +#: sssd-ipa.5.xml:145 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:161 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 +#: sssd-ipa.5.xml:171 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:172 +#: sssd-ipa.5.xml:175 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:183 +#: sssd-ipa.5.xml:186 msgid "" -"Specifies if the host and user pricipal should be canonicalized when " +"Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 +#: sssd-ipa.5.xml:199 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:202 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3886,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:206 +#: sssd-ipa.5.xml:209 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:214 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:217 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3905,26 +3980,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:223 +#: sssd-ipa.5.xml:226 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 +#: sssd-ipa.5.xml:231 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:233 +#: sssd-ipa.5.xml:236 msgid "Default: DENY_ALL" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:241 +msgid "ipa_hbac_support_srchost (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:244 +msgid "" +"If this is set to false, then srchost as given to SSSD by PAM will be " +"ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:254 +msgid "ipa_netgroup_member_of (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:257 +msgid "The LDAP attribute that lists netgroup's memberships." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:266 +msgid "ipa_netgroup_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:269 +msgid "" +"The LDAP attribute that lists system users and groups that are direct " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:274 +msgid "Default: memberUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:279 +msgid "ipa_netgroup_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:282 +msgid "" +"The LDAP attribute that lists hosts and host groups that are direct members " +"of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:286 +msgid "Default: memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:291 +msgid "ipa_netgroup_member_ext_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:294 +msgid "" +"The LDAP attribute that lists FQDNs of hosts and host groups that are " +"members of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:298 +msgid "Default: externalHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:303 +msgid "ipa_netgroup_domain (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:306 +msgid "The LDAP attribute that contains NIS domain name of the netgroup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:310 +msgid "Default: nisDomainName" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:316 +msgid "ipa_host_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:319 +msgid "The object class of a host entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:322 +msgid "Default: ipaHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:327 +msgid "ipa_host_fqdn (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:330 +msgid "The LDAP attribute that contains FQDN of the host." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:333 +msgid "Default: fqdn" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:249 +#: sssd-ipa.5.xml:348 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3932,7 +4125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:256 +#: sssd-ipa.5.xml:355 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3942,7 +4135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:366 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4071,30 +4264,40 @@ msgid "" "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.8.xml:135 +msgid "<option>--version</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.8.xml:139 +msgid "Print version number and exit." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.8.xml:137 +#: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:140 +#: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:143 +#: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:149 +#: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:152 +#: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " @@ -4102,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:160 +#: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:163 +#: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:169 +#: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:172 +#: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.8.xml:183 +#: sssd.8.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" @@ -4768,7 +4971,7 @@ msgstr "" #: sssd-krb5.5.xml:391 msgid "" "Please note also that sssd supports fast only with MIT Kerberos version 1.8 " -"and above. If sssd used used with an older version using this option is a " +"and above. If sssd used with an older version using this option is a " "configuration error." msgstr "" @@ -4785,7 +4988,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:412 msgid "" -"Specifies if the host and user pricipal should be canonicalized. This " +"Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos >= 1.7" msgstr "" |